Commit 6eb35ccc authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files 

Avoid unnecessary code (the deprecation macro wrapper itself emits unused args
warnings) in OpenSSL 1.1.0.

(Backs out and documents avoidance of _free()ing NULL references.)

Backports: r1783317,1783318,1783434,1783438



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1785949 13f79535-47bb-0310-9956-ffa450edef68
parent a6bc6850

modules/ssl/ssl_engine_init.c

+5 −1
Original line number Diff line number Diff line
@@ -1299,9 +1299,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s, 
                     OBJ_nid2sn(nid), vhost_id, certfile);

    }

    /*

     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)

     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2)

     * or configure NIST P-256 (required to enable ECDHE for earlier versions)

     * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList

     */

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)

    else {

#if defined(SSL_CTX_set_ecdh_auto)

        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
@@ -1310,6 +1312,8 @@ static apr_status_t ssl_init_server_certs(server_rec *s, 
                             EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));

#endif

    }

#endif

    /* OpenSSL assures us that _free() is NULL-safe */

    EC_KEY_free(eckey);

    EC_GROUP_free(ecparams);

#endif