diff --git a/CMakeLists.txt b/CMakeLists.txt index ad68a19a..bd6bb367 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -696,6 +696,15 @@ if (LWS_WITH_SSL) include_directories("${OPENSSL_INCLUDE_DIRS}") list(APPEND LIB_LIST ${OPENSSL_LIBRARIES}) endif() + + # older (0.98) Openssl lacks this + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS}) + check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H) + + if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H) + message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT") + endif() + endif(LWS_WITH_SSL) if (LWS_WITH_LIBEV) @@ -1217,6 +1226,7 @@ message(" LWS_MBED3 = ${LWS_MBED3}") message(" LWS_SSL_SERVER_WITH_ECDH_CERT = ${LWS_SSL_SERVER_WITH_ECDH_CERT}") message(" LWS_MAX_SMP = ${LWS_MAX_SMP}") message(" LWS_WITH_CGI = ${LWS_WITH_CGI}") +message(" LWS_HAVE_OPENSSL_ECDH_H = ${LWS_HAVE_OPENSSL_ECDH_H}") message("---------------------------------------------------------------------") # These will be available to parent projects including libwebsockets using add_subdirectory() diff --git a/lib/ssl.c b/lib/ssl.c index a0372d7a..2a94f153 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -24,7 +24,7 @@ #include #endif -#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +#ifdef LWS_HAVE_OPENSSL_ECDH_H #include #endif @@ -139,7 +139,7 @@ static int lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info, struct lws_context *context) { -#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +#ifdef LWS_HAVE_OPENSSL_ECDH_H EC_KEY *ecdh; int ecdh_nid; const char *ecdh_curve = "prime256v1"; diff --git a/lws_config.h.in b/lws_config.h.in index c108eb3a..a647a4b5 100644 --- a/lws_config.h.in +++ b/lws_config.h.in @@ -77,6 +77,9 @@ /* CGI apis */ #cmakedefine LWS_WITH_CGI +/* whether the Openssl is recent enough, and / or built with, ecdh */ +#cmakedefine LWS_HAVE_OPENSSL_ECDH_H + /* Maximum supported service threads */ #define LWS_MAX_SMP ${LWS_MAX_SMP}