From 279438f1df355e2eee09734cc0fc5ab86e0d2271 Mon Sep 17 00:00:00 2001
From: Leorize
Date: Thu, 4 Jun 2020 08:53:14 -0500
Subject: net: don't call set_ecdh_auto for super old OpenSSL
And the fun thing is that currently we use a super old OpenSSL on Windows.
---
 lib/pure/net.nim | 2 +-
 lib/wrappers/openssl.nim | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index f628ee056..5db3edbed 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -585,7 +585,7 @@ when defineSsl:
 #
 # From OpenSSL >= 1.1.0, this setting is set by default and can't be
 # overriden.
- if newCTX.SSL_CTX_set_ecdh_auto(1) != 1:
+ if getOpenSSLVersion() >= 0x10002000 and newCTX.SSL_CTX_set_ecdh_auto(1) != 1:
 raiseSSLError()
 when defined(nimDisableCertificateValidation) or defined(windows):
diff --git a/lib/wrappers/openssl.nim b/lib/wrappers/openssl.nim
index 5af1edea5..c2f0250c0 100644
--- a/lib/wrappers/openssl.nim
+++ b/lib/wrappers/openssl.nim
@@ -264,12 +264,10 @@ when compileOption("dynlibOverride", "ssl") or defined(noOpenSSLHacks):
 proc SSL_library_init*(): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.}
 proc SSL_load_error_strings*() {.cdecl, dynlib: DLLSSLName, importc.}
 proc SSLv23_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
+ proc SSLeay(): culong {.cdecl, dynlib: DLLSSLName, importc.}
 proc getOpenSSLVersion*(): culong =
- ## This interface is not supported for OpenSSL < 1.1.0 and will
- ## always return 0. The interface is provided to aid code
- ## supporting multiple OpenSSL versions.
- 0
+ SSLeay()
 else:
 proc OPENSSL_init_ssl*(opts: uint64, settings: uint8): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.}
 proc SSL_library_init*(): cint {.discardable.} =
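Review bot: The new guard in the `-585` hunk of lib/pure/net.nim skips `SSL_CTX_set_ecdh_auto` silently whenever `getOpenSSLVersion()` is below `0x10002000`, and that includes the `0` the wrapper documents for "not available", so a failed version lookup on a 1.0.2 build would leave the context without automatic curve selection and nothing reports it. The bare hex literal should be named or commented, e.g. `# 0x10002000 = OpenSSL 1.0.2, the first release with SSL_CTX_set_ecdh_auto; older builds (and an unknown version, 0) skip it`. The existing comment above the call only describes the 1.1.0 behaviour, so the pre-1.0.2 case deserves a sentence there too. The enclosing proc starts and ends outside the hunk.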
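Review bot: `SSLeay` is a libcrypto export, so binding it with `dynlib: DLLSSLName` in the `-264` hunk of lib/wrappers/openssl.nim may not resolve on loaders that do not search a library's dependencies (Windows `GetProcAddress` does not); `DLLSSLName` is defined outside the hunk, so this needs confirming. If the wrapper has a separate libcrypto name constant, `SSLeay` should use it, and the `sslSymNullable("OpenSSL_version_num", "SSLeay")` lookup in the `-394` hunk deserves the same check, because a miss there returns 0 and makes the net.nim guard skip the call. The removed docstring also leaves the exported `getOpenSSLVersion*` undocumented in this branch; a one-line `## Returns the linked OpenSSL version number as reported by SSLeay().` would restore it. The enclosing `when` branch begins outside the hunk.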
@@ -394,7 +392,7 @@ else:
 proc getOpenSSLVersion*(): culong =
 ## Return OpenSSL version as unsigned long or 0 if not available
- let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num"))
+ let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num", "SSLeay"))
 {.gcsafe.}:
 result =
 if theProc.isNil: 0.culong
-- cgit 1.4.1-2-gfad0