From ac48fba036e1764dfa98ed0f0aa932491aa1c4ef Mon Sep 17 00:00:00 2001 From: Antoine Salon Date: Tue, 6 Nov 2018 13:26:49 -0800 Subject: [PATCH] Deprecate SSL_set_tmp_ecdh Signed-off-by: Antoine Salon Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7522) --- doc/man3/SSL_CTX_set_tmp_ecdh.pod | 2 ++ include/openssl/ssl.h | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/man3/SSL_CTX_set_tmp_ecdh.pod b/doc/man3/SSL_CTX_set_tmp_ecdh.pod index 08e88da312..398fcbfd64 100644 --- a/doc/man3/SSL_CTX_set_tmp_ecdh.pod +++ b/doc/man3/SSL_CTX_set_tmp_ecdh.pod @@ -19,8 +19,10 @@ long SSL_set_ecdh_auto(SSL *ssl, int state); SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B. The key is inherited by all B objects created from B. +This macro is deprecated in favor of L. SSL_set_tmp_ecdh() sets the parameters only for B. +This macro is deprecated in favor of L. SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and have no effect. diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index cceb2d495a..1e9e8d5721 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1307,16 +1307,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) # define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_CTX_set_dh_auto(ctx, onoff) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_dh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# define SSL_set_tmp_ecdh(ssl,ecdh) \ +# if OPENSSL_API_COMPAT < 0x10200000L +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# endif # define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) # define SSL_CTX_get_extra_chain_certs(ctx,px509) \ -- 2.34.1