From d1edb424b7f46e5db4f127a12a19c0dc3f864c65 Mon Sep 17 00:00:00 2001
From: Art Cancro <ajc@citadel.org>
Date: Wed, 25 Oct 2017 23:18:51 -0400
Subject: [PATCH] remove DH parameter stuff that isn't needed and doesn't work
 with newer openssl

---
 citadel/modules/crypto/serv_crypto.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index eea501d39..6296e5dc3 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -74,7 +74,6 @@ void destruct_ssl(void)
 void init_ssl(void)
 {
 	const SSL_METHOD *ssl_method;
-	DH *dh;
 	RSA *rsa=NULL;
 	X509_REQ *req = NULL;
 	X509 *cer = NULL;
@@ -136,8 +135,9 @@ void init_ssl(void)
 	CRYPTO_set_locking_callback(ssl_lock);
 	CRYPTO_set_id_callback(id_callback);
 
+#if 0 // this doesn't work in newer openssl
 	/* Load DH parameters into the context */
-	dh = DH_new();
+	DH *dh = DH_new();
 	if (!dh) {
 		syslog(LOG_CRIT, "init_ssl() can't allocate a DH object: %s", ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
@@ -159,6 +159,7 @@ void init_ssl(void)
 	dh->length = DH_L;
 	SSL_CTX_set_tmp_dh(ssl_ctx, dh);
 	DH_free(dh);
+#endif // this doesn't work in newer openssl
 
 	/* Get our certificates in order.
 	 * First, create the key/cert directory if it's not there already...
-- 
2.30.2