Fix version bug with ecdh
disa6302 committed Nov 2, 2023
1 parent 7e89983 commit bd42c94
Showing 1 changed file with 6 additions and 7 deletions.
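--- a/src/source/Crypto/Dtls_openssl.c
+++ b/src/source/Crypto/Dtls_openssl.c
@@ -245,16 +245,15 @@ STATUS createSslCtx(PDtlsSessionCertificateInfo pCertificates, UINT32 certCount,
 
 CHK(pSslCtx != NULL, STATUS_SSL_CTX_CREATION_FAILED);
 
-// Version less than 1.1.0
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+// https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_ecdh_auto.html
+// Version >= 1.0.2 and < 1.1.0 [1.0.2, 1.1.0)
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L)
 SSL_CTX_set_ecdh_auto(pSslCtx, TRUE);
-
-// Version less than 3.0.0 and greater than 1.1.0
-#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)
+#else
+// https://www.openssl.org/docs/man1.1.1/man3/
+// Version < 1.0.2 and >= 1.1.0 (1.0.2, 1.1.0]
 CHK((ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) != NULL, STATUS_SSL_CTX_CREATION_FAILED);
 CHK(SSL_CTX_set_tmp_ecdh(pSslCtx, ecdh) == 1, STATUS_SSL_CTX_CREATION_FAILED);
-#else
-DLOGI("ECDH enabled by default in 3.0.0. Nothing to do");
 #endif
 
 SSL_CTX_set_verify(pSslCtx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, dtlsCertificateVerifyCallback);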
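Review bot: With the `#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)` arm removed, the new `#else` in createSslCtx also covers OpenSSL 3.x, so those builds now call the deprecated `EC_KEY_new_by_curve_name` / `SSL_CTX_set_tmp_ecdh` pair and, as far as I can tell, limit ECDHE to P-256 instead of keeping the library's default group list. If that pinning is intended it deserves a comment saying so; otherwise keep a separate 3.0+ arm that leaves the defaults alone. The comment on the `#else` arm is also wrong as written: `(1.0.2, 1.1.0]` describes the opposite range and "and" should be "or", e.g. `// Version < 1.0.2 or >= 1.1.0`. `SSL_CTX_set_tmp_ecdh` does not take ownership of `ecdh`, so the key still needs an `EC_KEY_free` on every exit path, including when the second `CHK` fails; the cleanup part of createSslCtx is outside this hunk, so that cannot be confirmed here.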
