Detect OpenSSL version at runtime, not at compile time

author: Janusz Dziemidowicz <rraptorr@nails.eu.org> 2012-07-24 07:40:07 +0200
committer: Janusz Dziemidowicz <rraptorr@nails.eu.org> 2012-07-24 07:40:07 +0200
commit: 5e7a1c88298c3a41558087bfdb4549865cf53a73 (patch)
tree: 463705222ca500d7464157b56068a2c0b1ebdb4a /src/tls/tls_drv.c
parent: Enable DHE key exchange in TLS driver (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/src/tls/tls_drv.c b/src/tls/tls_drv.c
index 889a0f303..b79d30c03 100644
--- a/src/tls/tls_drv.c
+++ b/src/tls/tls_drv.c
@@ -283,11 +283,15 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
  * See http://www.openssl.org/news/secadv_20110906.txt
  * for details.
  */
-#if OPENSSL_VERSION_NUMBER >= 0x1000005fL && !defined(OPENSSL_NO_ECDH)
+#ifndef OPENSSL_NO_ECDH
 static void setup_ecdh(SSL_CTX *ctx)
 {
    EC_KEY *ecdh;
 
+   if (SSLeay() < 0x1000005fL) {
+      return;
+   }
+
    ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
    SSL_CTX_set_tmp_ecdh(ctx, ecdh);
@@ -440,12 +444,12 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
 
 	    SSL_CTX_set_cipher_list(ctx, CIPHERS);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000005fL && !defined(OPENSSL_NO_ECDH)
+#ifndef OPENSSL_NO_ECDH
 	    if (command == SET_CERTIFICATE_FILE_ACCEPT) {
 		setup_ecdh(ctx);
 	    }
 #endif
-#if !defined(OPENSSL_NO_DH)
+#ifndef OPENSSL_NO_DH
 	    if (command == SET_CERTIFICATE_FILE_ACCEPT) {
 		setup_dh(ctx);
 	    }
author	Janusz Dziemidowicz <rraptorr@nails.eu.org>	2012-07-24 07:40:07 +0200
committer	Janusz Dziemidowicz <rraptorr@nails.eu.org>	2012-07-24 07:40:07 +0200
commit	5e7a1c88298c3a41558087bfdb4549865cf53a73 (patch)
tree	463705222ca500d7464157b56068a2c0b1ebdb4a /src/tls/tls_drv.c
parent	Enable DHE key exchange in TLS driver (diff)