Fix version bug with ecdh

disa6302 · disa6302 · commit bd42c94e6e09 · 2023-11-02T12:53:02.000-07:00
diff --git a/src/source/Crypto/Dtls_openssl.c b/src/source/Crypto/Dtls_openssl.c
@@ -245,16 +245,15 @@ STATUS createSslCtx(PDtlsSessionCertificateInfo pCertificates, UINT32 certCount,
 
     CHK(pSslCtx != NULL, STATUS_SSL_CTX_CREATION_FAILED);
 
-    // Version less than 1.1.0
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+    // https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_ecdh_auto.html
+    // Version  >= 1.0.2 and < 1.1.0 [1.0.2, 1.1.0)
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L)
     SSL_CTX_set_ecdh_auto(pSslCtx, TRUE);
-
-    // Version less than 3.0.0 and greater than 1.1.0
-#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)
+#else
+    // https://www.openssl.org/docs/man1.1.1/man3/
+    // Version < 1.0.2 and >= 1.1.0 (1.0.2, 1.1.0]
     CHK((ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) != NULL, STATUS_SSL_CTX_CREATION_FAILED);
     CHK(SSL_CTX_set_tmp_ecdh(pSslCtx, ecdh) == 1, STATUS_SSL_CTX_CREATION_FAILED);
-#else
-    DLOGI("ECDH enabled by default in 3.0.0. Nothing to do");
 #endif
 
     SSL_CTX_set_verify(pSslCtx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, dtlsCertificateVerifyCallback);
