]> granicus.if.org Git - icinga2/commitdiff
Only include SSL_CTX_set_ecdh_auto for OpenSSL < 1.1.0 7352/head
authorMichael Friedrich <michael.friedrich@icinga.com>
Tue, 23 Jul 2019 15:39:02 +0000 (17:39 +0200)
committerMichael Friedrich <michael.friedrich@icinga.com>
Tue, 23 Jul 2019 15:39:02 +0000 (17:39 +0200)
lib/base/tlsutility.cpp

index 4102b70001d13ecc2fe0baf4bf209bcbd92d7593..3c675100226de25db15e484bbcd8acbfc61c84ee 100644 (file)
@@ -85,9 +85,12 @@ static void SetupSslContext(const std::shared_ptr<boost::asio::ssl::context>& co
        SSL_CTX_set_session_id_context(sslContext, (const unsigned char *)"Icinga 2", 8);
 
        // Explicitly load ECC ciphers, required on el7 - https://github.com/Icinga/icinga2/issues/7247
-#ifdef SSL_CTX_set_ecdh_auto
+       // SSL_CTX_set_ecdh_auto is deprecated and removed in OpenSSL 1.1.x - https://github.com/openssl/openssl/issues/1437
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#      ifdef SSL_CTX_set_ecdh_auto
        SSL_CTX_set_ecdh_auto(sslContext, 1);
-#endif /* SSL_CTX_set_ecdh_auto */
+#      endif /* SSL_CTX_set_ecdh_auto */
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
        if (!pubkey.IsEmpty()) {
                if (!SSL_CTX_use_certificate_chain_file(sslContext, pubkey.CStr())) {