[exim-dev] [Bug 2954] tls_eccurve (>= OpenSSL 3.0.0) dysfunc…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2954] tls_eccurve (>= OpenSSL 3.0.0) dysfunctional
https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #4 from help@??? ---
-------------------------------------------
*** tls-openssl.c ORIGINAL EXCERPT ***
-------------------------------------------
# if OPENSSL_VERSION_NUMBER < 0x30000000L
 {
  EC_KEY * ecdh;
  if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
    {
    tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
    return FALSE;
    }


/* The "tmp" in the name here refers to setting a temporary key
not to the stability of the interface. */

  if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
    tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL,
NULL, errstr);
  else
    DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
  EC_KEY_free(ecdh);
 }


#else /* v 3.0.0 + */

if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL,
errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);

#endif



-------------------------------------------
*** tls-openssl.c PATCHED EXCERPT ***
-------------------------------------------
# if OPENSSL_VERSION_NUMBER < 0x30000000L
 {
  EC_KEY * ecdh;
  if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
    {
    tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
    return FALSE;
    }


/* The "tmp" in the name here refers to setting a temporary key
not to the stability of the interface. */

  if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
    tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL,
NULL, errstr);
  else
    DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
  EC_KEY_free(ecdh);
 }


#else /* v 3.0.0 + */

if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0))
tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL,
errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);

#endif



-------------------------------------------
*** RELEVANT CHANGES MADE ***
-------------------------------------------
- if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
+ if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0))
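Review bot: The `+` line differs from the `-` line only in where one closing parenthesis sits, so `rv` now receives the result of the `== 0` comparison instead of the return value of `SSL_CTX_set1_groups()`. That matches the pre-3.0 line `rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0` in the excerpt, but the distinction is easy to miss and a later parenthesis "tidy-up" could silently bring the bug back. Making the assignment its own statement keeps the meaning explicit in both branches: `rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0;  /* non-zero means failure */` followed by `if (rv)`. The enclosing function starts and ends outside the excerpt, so how `rv` is used after the `#endif` is not visible; the failure-flag reading is inferred from the older branch and should be confirmed against the function's return statement. Because this line decides whether a configured tls_eccurve is accepted, a test-suite case that sets tls_eccurve on an OpenSSL 3.x build would guard against a regression.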
