From 803b0d35e8f00f0547f1458672d4bde1476b9c1f Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb
Date: Mon, 20 Apr 2020 13:34:37 +0300
Subject: [PATCH 1/2] TLS: Fix build on older verisons of OpenSSL.
---
 src/tls.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/tls.c b/src/tls.c
index 5fac6902b..ea0c34469 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -168,7 +168,9 @@ int tlsConfigure(redisTLSContextConfig *ctx_config) {
 SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+#if defined(SSL_CTX_set_ecdh_auto)
 SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
 if (SSL_CTX_use_certificate_file(ctx, ctx_config->cert_file, SSL_FILETYPE_PEM) <= 0) {
 ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));
From 9bb3429f1a84b29d245b0b348d4ef50ef5526c46 Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Wed, 22 Apr 2020 09:43:01 +0200
Subject: [PATCH 2/2] TLS: Fix build with SSL_OP_NO_CLIENT_RENEGOTIATION
There is no ssl in this scope, so the build breaks. All the other options are set directly on the ctx.
---
 src/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tls.c b/src/tls.c
index ea0c34469..c18aafebe 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -160,7 +160,7 @@ int tlsConfigure(redisTLSContextConfig *ctx_config) {
 #endif
 #ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
- SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
+ SSL_CTX_set_options(ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
 #endif
 if (ctx_config->prefer_server_ciphers)
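Review bot: The new `#if defined(SSL_CTX_set_ecdh_auto)` guard in the first patch drops the call without a trace on any library where that name is not a preprocessor macro, so such builds compile but never request automatic ECDH curve selection. On OpenSSL releases that predate the macro, a server context, as far as I know, offers no ECDHE key exchange unless a curve is set explicitly, which would mean losing forward-secret suites silently. I would at least document that above the guard, e.g. `/* Older OpenSSL lacks this macro; ECDHE is then unavailable unless a curve is set via SSL_CTX_set_tmp_ecdh(). */`, and consider an `#else` branch that sets a curve or logs a warning. tlsConfigure starts and ends outside this hunk, so a fallback may exist that is not visible here.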
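Review bot: The `#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION` block in the second patch has no `#else`, so on a library that lacks the option the server keeps accepting client-initiated renegotiation and nothing in the build or the log says so. A short comment or a startup warning would make that visible to operators, e.g. an `#else` branch carrying `/* Not available in this TLS library: client-initiated renegotiation stays enabled. */`. That the previous `ssl->ctx` line could not compile wherever the option is defined suggests this branch was not exercised by the project's builds; that is an inference from the commit message. tlsConfigure's body continues outside the hunk.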