diff options
author | Leorize <leorize+oss@disroot.org> | 2020-06-04 08:53:14 -0500 |
---|---|---|
committer | Andreas Rumpf <rumpf_a@web.de> | 2020-06-06 21:11:53 +0200 |
commit | 279438f1df355e2eee09734cc0fc5ab86e0d2271 (patch) | |
tree | 2f8474889bab8370f502c74ed2c830aa890578c7 /lib | |
parent | b5b191af4bb3dea9c49b2637d203957daf42478a (diff) | |
download | Nim-279438f1df355e2eee09734cc0fc5ab86e0d2271.tar.gz |
net: don't call set_ecdh_auto for super old OpenSSL
And the fun thing is that currently we use a super old OpenSSL on Windows.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pure/net.nim | 2 | ||||
-rw-r--r-- | lib/wrappers/openssl.nim | 8 |
2 files changed, 4 insertions, 6 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim index f628ee056..5db3edbed 100644 --- a/lib/pure/net.nim +++ b/lib/pure/net.nim @@ -585,7 +585,7 @@ when defineSsl: # # From OpenSSL >= 1.1.0, this setting is set by default and can't be # overriden. - if newCTX.SSL_CTX_set_ecdh_auto(1) != 1: + if getOpenSSLVersion() >= 0x10002000 and newCTX.SSL_CTX_set_ecdh_auto(1) != 1: raiseSSLError() when defined(nimDisableCertificateValidation) or defined(windows): diff --git a/lib/wrappers/openssl.nim b/lib/wrappers/openssl.nim index 5af1edea5..c2f0250c0 100644 --- a/lib/wrappers/openssl.nim +++ b/lib/wrappers/openssl.nim @@ -264,12 +264,10 @@ when compileOption("dynlibOverride", "ssl") or defined(noOpenSSLHacks): proc SSL_library_init*(): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.} proc SSL_load_error_strings*() {.cdecl, dynlib: DLLSSLName, importc.} proc SSLv23_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.} + proc SSLeay(): culong {.cdecl, dynlib: DLLSSLName, importc.} proc getOpenSSLVersion*(): culong = - ## This interface is not supported for OpenSSL < 1.1.0 and will - ## always return 0. The interface is provided to aid code - ## supporting multiple OpenSSL versions. - 0 + SSLeay() else: proc OPENSSL_init_ssl*(opts: uint64, settings: uint8): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.} proc SSL_library_init*(): cint {.discardable.} = @@ -394,7 +392,7 @@ else: proc getOpenSSLVersion*(): culong = ## Return OpenSSL version as unsigned long or 0 if not available - let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num")) + let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num", "SSLeay")) {.gcsafe.}: result = if theProc.isNil: 0.culong |