From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 2 Jan 2023 15:04:14 +0000 Subject: [PATCH 1/3] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. Bug 2954 Broken-by: ca4014de81e6 --- src/tls-openssl.c | 7 ++++--- test/log/2149 | 28 ++++++++++++++-------------- test/runtest | 3 +++ test/scripts/2100-OpenSSL/2149 | 22 ++++++++++++---------- 4 files changed, 33 insertions(+), 27 deletions(-) diff --git a/src/tls-openssl.c b/src/tls-openssl.c index 4d0f99ea9..e063d29bd 100644 --- a/src/tls-openssl.c +++ b/src/tls-openssl.c @@ -786,8 +786,9 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef # endif ) { - tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve), - NULL, NULL, errstr); + uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve); + DEBUG(D_tls) debug_printf("TLS error '%s'\n", s); + if (errstr) *errstr = s; return FALSE; } @@ -803,7 +804,7 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef /* The "tmp" in the name here refers to setting a temporary key not to the stability of the interface. */ - if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0)) + if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0) tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr); else DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve); -- 2.39.0