diff options
author | William A. Rowe Jr <wrowe@apache.org> | 2017-03-08 11:41:35 +0000 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2017-03-08 11:41:35 +0000 |
commit | d5184b2337e33e6ed6078399106b33b556af35bc (patch) | |
tree | c52abb5e060dda5e3f311bbb8877d2f95a15dd50 | |
parent | feeb25ffc1b26f9295e0ac1ebfd8799750a7afa2 (diff) | |
download | httpd-2.4.x-openssl-1.1.0-compat.tar.gz |
Avoid unnecessary code (the deprecation macro wrapper itself emits unused args2.4.x-openssl-1.1.0-compat
warnings) in OpenSSL 1.1.0.
(Backs out and documents avoidance of _free()ing NULL references.)
Backports: r1783317,1783318,1783434,1783438
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1785949 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | modules/ssl/ssl_engine_init.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index ba79ef3146..e60ac30434 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -1299,9 +1299,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s, OBJ_nid2sn(nid), vhost_id, certfile); } /* - * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later) + * ...otherwise, enable auto curve selection (OpenSSL 1.0.2) * or configure NIST P-256 (required to enable ECDHE for earlier versions) + * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList */ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) else { #if defined(SSL_CTX_set_ecdh_auto) SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1); @@ -1310,6 +1312,8 @@ static apr_status_t ssl_init_server_certs(server_rec *s, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); #endif } +#endif + /* OpenSSL assures us that _free() is NULL-safe */ EC_KEY_free(eckey); EC_GROUP_free(ecparams); #endif |