1 files changed, 42 insertions, 0 deletions

diff --git a/debian/patches/75_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch b/debian/patches/75_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch
new file mode 100644
index 0000000..e346df1
--- /dev/null
+++ b/debian/patches/75_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch
@@ -0,0 +1,42 @@
+From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 2 Jan 2023 15:04:14 +0000
+Subject: [PATCH 1/3] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. 
+ Bug 2954
+
+Broken-by: ca4014de81e6
+---
+ src/tls-openssl.c          |  7 ++++---
+ test/log/2149                  | 28 ++++++++++++++--------------
+ test/runtest                   |  3 +++
+ test/scripts/2100-OpenSSL/2149 | 22 ++++++++++++----------
+ 4 files changed, 33 insertions(+), 27 deletions(-)
+
+diff --git a/src/tls-openssl.c b/src/tls-openssl.c
+index 4d0f99ea9..e063d29bd 100644
+--- a/src/tls-openssl.c
++++ b/src/tls-openssl.c
+@@ -786,8 +786,9 @@ if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
+ #   endif
+    )
+   {
+-  tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
+-    NULL, NULL, errstr);
++  uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
++  DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
++  if (errstr) *errstr = s;
+   return FALSE;
+   }
+ 
+@@ -803,7 +804,7 @@ if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
+   /* The "tmp" in the name here refers to setting a temporary key
+   not to the stability of the interface. */
+ 
+-  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
++  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
+     tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
+   else
+     DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
+-- 
+2.39.0
+