From: William A. Rowe Jr <wrowe@apache.org>
Date: Thu, 16 Feb 2017 22:27:24 +0000 (+0000)
Subject: Avoid unnecessary code (the deprecation macro wrapper itself emits unused args
X-Git-Tag: 2.5.0-alpha~653
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=915c1b708780796f471bd3ab18004f2aa8b2c0da;p=apache

Avoid unnecessary code (the deprecation macro wrapper itself emits unused args
warnings) in OpenSSL 1.1.0 and avoid _free()ing NULL references.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1783317 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 7b7a52c72e..6faa63b372 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1320,19 +1320,24 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
                      OBJ_nid2sn(nid), vhost_id, certfile);
     }
     /*
-     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
+     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2)
      * or configure NIST P-256 (required to enable ECDHE for earlier versions)
+     * ECDH is always enabled in 1.0.2 unless excluded from SSLCipherList
      */
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
     else {
-#if defined(SSL_CTX_set_ecdh_auto)
+#elif defined(SSL_CTX_set_ecdh_auto)
         SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
 #else
         eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
 #endif
     }
-    EC_KEY_free(eckey);
-    EC_GROUP_free(ecparams);
+#endif
+    if (eckey)
+        EC_KEY_free(eckey);
+    if (ecparams)
+        EC_GROUP_free(ecparams);
 #endif
 
     return APR_SUCCESS;