openssl: fix build with OPENSSL_NO_EC

* ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC. SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in OpenSSL's configuration. This fixes r55214. * test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does not support ECDH. * test/openssl/utils.rb (start_server): Ignore error in SSLContext#ecdh_curves=. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55342 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-06-09 10:46:46 +00:00 · 2016-06-09 10:46:46 +00:00 · dd05607f9a
commit dd05607f9a
parent bbcc64c236
4 changed files with 25 additions and 5 deletions
--- a/12
+++ b/12
@ -1,3 +1,15 @@
+Thu Jun  9 19:46:22 2016  Kazuki Yamaguchi  <k@rhe.jp>
+
+	* ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC.
+	  SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in
+	  OpenSSL's configuration. This fixes r55214.
+
+	* test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does
+	  not support ECDH.
+
+	* test/openssl/utils.rb (start_server): Ignore error in
+	  SSLContext#ecdh_curves=.
+
 Thu Jun  9 18:12:42 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* Makefile.in (un-runnable): fail with proper error message.
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@ -163,7 +163,7 @@ ossl_sslctx_s_alloc(VALUE klass)
    RTYPEDDATA_DATA(obj) = ctx;
    SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)obj);

-#if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
    /* We use SSL_CTX_set1_curves_list() to specify the curve used in ECDH. It
     * allows to specify multiple curve names and OpenSSL will select
     * automatically from them. In OpenSSL 1.0.2, the automatic selection has to
@ -285,7 +285,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
 }
 #endif /* OPENSSL_NO_DH */

-#if !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
 static VALUE
 ossl_call_tmp_ecdh_callback(VALUE args)
 {
@ -2300,7 +2300,7 @@ Init_ossl_ssl(void)
     */
    rb_attr(cSSLContext, rb_intern("client_cert_cb"), 1, 1, Qfalse);

-#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
    /*
     * A callback invoked when ECDH parameters are required.
     *
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@ -433,7 +433,12 @@ module OpenSSL::TestPairM
    sock1, sock2 = tcp_pair

    ctx1 = OpenSSL::SSL::SSLContext.new
-    ctx1.ciphers = "ECDH"
+    begin
+      ctx1.ciphers = "ECDH"
+    rescue OpenSSL::SSL::SSLError
+      skip "ECDH is not enabled in this OpenSSL" if $!.message =~ /no cipher match/
+      raise
+    end
    ctx1.ecdh_curves = "P-384:P-521"
    ctx1.security_level = 0
    s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@ -298,7 +298,10 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
        ctx.cert = @svr_cert
        ctx.key = @svr_key
        ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
-        ctx.ecdh_curves = "P-256"
+        begin
+          ctx.ecdh_curves = "P-256"
+        rescue NotImplementedError
+        end
        ctx.verify_mode = verify_mode
        ctx_proc.call(ctx) if ctx_proc