From b6e799f5dfcd35e4089db802d98fad746cf5b380 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Sat, 30 Nov 2013 19:55:01 +0000
Subject: [PATCH] libratbox/openssl: check that ECDHE is really available on
 redhat derivatives (closes #43)

---
 libratbox/src/openssl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index cae15a0a..63f01690 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -314,9 +314,10 @@ rb_init_ssl(void)
 	/* Disable SSLv2, make the client use our settings */
 	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE);
 	SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
-	
-	/* Set ECDHE on OpenSSL 1.00+ */
-	#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
+
+	/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks
+	   and bastardise their OpenSSL for stupid reasons... */
+	#if (OPENSSL_VERSION_NUMBER >= 0x10000000) && defined(NID_secp384r1)
 		SSL_CTX_set_tmp_ecdh(ssl_server_ctx, EC_KEY_new_by_curve_name(NID_secp384r1));
 	#endif