From: Howard Chu Date: Sun, 8 Sep 2013 13:32:23 +0000 (-0700) Subject: ITS#7595 don't try to use EC if OpenSSL lacks it X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=721e46fe6695077d63a3df6ea2e397920a72308d;p=openldap ITS#7595 don't try to use EC if OpenSSL lacks it --- diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c index 0bd7e97201..6288456d31 100644 --- a/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c @@ -321,8 +321,12 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) DH_free( dh ); } -#ifdef SSL_OP_SINGLE_ECDH_USE if ( is_server && lo->ldo_tls_ecname ) { +#ifdef OPENSSL_NO_EC + Debug( LDAP_DEBUG_ANY, + "TLS: Elliptic Curves not supported.\n", 0,0,0 ); + return -1; +#else EC_KEY *ecdh; int nid = OBJ_sn2nid( lt->lt_ecname ); @@ -344,8 +348,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) SSL_CTX_set_tmp_ecdh( ctx, ecdh ); SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE ); EC_KEY_free( ecdh ); - } #endif + } if ( tlso_opt_trace ) { SSL_CTX_set_info_callback( ctx, tlso_info_cb );