ITS#7595 don't try to use EC if OpenSSL lacks it
authorHoward Chu <hyc@openldap.org>
Sun, 8 Sep 2013 13:32:23 +0000 (06:32 -0700)
committerHoward Chu <hyc@openldap.org>
Sun, 8 Sep 2013 13:32:23 +0000 (06:32 -0700)
libraries/libldap/tls_o.c

index 0bd7e972012ce379b4208f9d78ed46e7481b3611..6288456d319d00ba6e5fb305bd0dd3e805c4827d 100644 (file)
@@ -321,8 +321,12 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
                DH_free( dh );
        }
 
-#ifdef SSL_OP_SINGLE_ECDH_USE
        if ( is_server && lo->ldo_tls_ecname ) {
+#ifdef OPENSSL_NO_EC
+               Debug( LDAP_DEBUG_ANY,
+                       "TLS: Elliptic Curves not supported.\n", 0,0,0 );
+               return -1;
+#else
                EC_KEY *ecdh;
 
                int nid = OBJ_sn2nid( lt->lt_ecname );
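Review bot: The new `OPENSSL_NO_EC` branch logs only "TLS: Elliptic Curves not supported." and does not say which setting caused the context init to fail, so an operator has to work out that the configured curve name is the trigger. Passing the name into the message would make that obvious, for example `"TLS: Elliptic Curves not supported, cannot use curve %s.\n", lt->lt_ecname, 0, 0`. Returning -1 instead of silently skipping the setting is the right fail-closed choice and should stay. The body of tlso_ctx_init starts and ends outside this hunk, so any cleanup owed on this early return cannot be judged from here.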
@@ -344,8 +348,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
                SSL_CTX_set_tmp_ecdh( ctx, ecdh );
                SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
                EC_KEY_free( ecdh );
-       }
 #endif
+       }
 
        if ( tlso_opt_trace ) {
                SSL_CTX_set_info_callback( ctx, tlso_info_cb );
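Review bot: The result of `SSL_CTX_set_tmp_ecdh( ctx, ecdh )` is still ignored in the block this hunk re-closes, so a failure to install the curve may leave the server context without the ECDH parameters the administrator configured, and nothing is logged. The commit already treats a build without EC as a hard error, so the same should apply here: test the call, and on a zero return log the failure, call `EC_KEY_free( ecdh )` and `return -1`. A trailing `/* OPENSSL_NO_EC */` on the moved `#endif` would also help, because its `#ifdef` sits in the previous hunk. The function continues past the end of this hunk.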