[spice-server,02/23] reds: Fix SSL_CTX_set_ecdh_auto call for some old OpenSSL

Submitted by Frediano Ziglio on June 25, 2019, 4:11 p.m.

Details

Message ID 20190625161147.25211-3-fziglio@redhat.com
State Accepted
Commit 214736dce643ce3ee257da017373e88cc19d2d3b
Headers show
Series "WebSocket support" ( rev: 1 ) in Spice

Not browsing as part of any series.

Commit Message

Frediano Ziglio June 25, 2019, 4:11 p.m.
SSL_CTX_set_ecdh_auto is not defined in some old versions of OpenSSL

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
---
 configure.ac  | 9 +++++++++
 server/reds.c | 2 ++
 2 files changed, 11 insertions(+)

Patch hide | download patch | download mbox

diff --git a/configure.ac b/configure.ac
index e12d7e854..49c009d4c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -209,6 +209,15 @@  AC_SUBST(SSL_CFLAGS)
 AC_SUBST(SSL_LIBS)
 AS_VAR_APPEND([SPICE_REQUIRES], [" openssl"])
 
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $SSL_CFLAGS"
+AC_CHECK_DECLS([SSL_CTX_set_ecdh_auto], [], [], [
+AC_INCLUDES_DEFAULT
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+])
+CFLAGS="$save_CFLAGS"
+
 AC_CHECK_LIB(jpeg, jpeg_destroy_decompress,
     AC_MSG_CHECKING([for jpeglib.h])
     AC_TRY_CPP(
diff --git a/server/reds.c b/server/reds.c
index 792e98381..b4061fbc3 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2937,7 +2937,9 @@  static int reds_init_ssl(RedsState *reds)
     }
 
     SSL_CTX_set_options(reds->ctx, ssl_options);
+#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO || defined(SSL_CTX_set_ecdh_auto)
     SSL_CTX_set_ecdh_auto(reds->ctx, 1);
+#endif
 
     /* Load our keys and certificates*/
     return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file);