summary refs log tree commit diff stats
path: root/lib
diff options
context:
space:
mode:
authorLeorize <leorize+oss@disroot.org>2020-06-04 08:53:14 -0500
committerAndreas Rumpf <rumpf_a@web.de>2020-06-06 21:11:53 +0200
commit279438f1df355e2eee09734cc0fc5ab86e0d2271 (patch)
tree2f8474889bab8370f502c74ed2c830aa890578c7 /lib
parentb5b191af4bb3dea9c49b2637d203957daf42478a (diff)
downloadNim-279438f1df355e2eee09734cc0fc5ab86e0d2271.tar.gz
net: don't call set_ecdh_auto for super old OpenSSL
And the fun thing is that currently we use a super old OpenSSL on
Windows.
Diffstat (limited to 'lib')
-rw-r--r--lib/pure/net.nim2
-rw-r--r--lib/wrappers/openssl.nim8
2 files changed, 4 insertions, 6 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index f628ee056..5db3edbed 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -585,7 +585,7 @@ when defineSsl:
     #
     # From OpenSSL >= 1.1.0, this setting is set by default and can't be
     # overriden.
-    if newCTX.SSL_CTX_set_ecdh_auto(1) != 1:
+    if getOpenSSLVersion() >= 0x10002000 and newCTX.SSL_CTX_set_ecdh_auto(1) != 1:
       raiseSSLError()
 
     when defined(nimDisableCertificateValidation) or defined(windows):
diff --git a/lib/wrappers/openssl.nim b/lib/wrappers/openssl.nim
index 5af1edea5..c2f0250c0 100644
--- a/lib/wrappers/openssl.nim
+++ b/lib/wrappers/openssl.nim
@@ -264,12 +264,10 @@ when compileOption("dynlibOverride", "ssl") or defined(noOpenSSLHacks):
     proc SSL_library_init*(): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.}
     proc SSL_load_error_strings*() {.cdecl, dynlib: DLLSSLName, importc.}
     proc SSLv23_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
+    proc SSLeay(): culong {.cdecl, dynlib: DLLSSLName, importc.}
 
     proc getOpenSSLVersion*(): culong =
-      ## This interface is not supported for OpenSSL < 1.1.0 and will
-      ## always return 0. The interface is provided to aid code
-      ## supporting multiple OpenSSL versions.
-      0
+      SSLeay()
   else:
     proc OPENSSL_init_ssl*(opts: uint64, settings: uint8): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.}
     proc SSL_library_init*(): cint {.discardable.} =
@@ -394,7 +392,7 @@ else:
 
   proc getOpenSSLVersion*(): culong =
     ## Return OpenSSL version as unsigned long or 0 if not available
-    let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num"))
+    let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num", "SSLeay"))
     {.gcsafe.}:
       result =
         if theProc.isNil: 0.culong