authorKazuki Yamaguchi <k@rhe.jp>2016-05-08 16:24:46 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-08 16:24:46 +0900
commitbf51162affc1b21c5fc6db5a88f206403a0fae9e (patch)
treef680bb5c459a3ce3f2008c07787cc0dc84804719
parent71d6dd10857a3d3ea3e58d5debff98d2426775ee (diff)
parent622e71b515e34393dc8be072f464bbe75cea9566 (diff)
downloadplum-bf51162affc1b21c5fc6db5a88f206403a0fae9e.tar.gz
Merge branch 'topic/openssl-1.1.0'
* topic/openssl-1.1.0: examples/static_server: call ctx.tmp_ecdh_callback only when needed rack/listener: tls: call tmp_ecdh_callback only when needed
-rw-r--r--examples/static_server.rb8
-rw-r--r--lib/plum/rack/listener.rb4
2 files changed, 8 insertions, 4 deletions
diff --git a/examples/static_server.rb b/examples/static_server.rb
index d26b91c..6f7e00a 100644
--- a/examples/static_server.rb
+++ b/examples/static_server.rb
@@ -26,9 +26,11 @@ ctx.alpn_select_cb = -> protocols {
raise "Client does not support HTTP/2: #{protocols}" unless protocols.include?("h2")
"h2"
}
-ctx.tmp_ecdh_callback = -> (sock, ise, keyl) {
- OpenSSL::PKey::EC.new("prime256v1")
-}
+if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)
+ ctx.tmp_ecdh_callback = -> (sock, ise, keyl) {
+ OpenSSL::PKey::EC.new("prime256v1")
+ }
+end
ctx.cert = OpenSSL::X509::Certificate.new File.read(".crt.local")
ctx.key = OpenSSL::PKey::RSA.new File.read(".key.local")
tcp_server = TCPServer.new("0.0.0.0", 40443)
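Review bot: The added guard `if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)` carries no comment explaining why the callback is now conditional, and the identical condition is repeated in lib/plum/rack/listener.rb. Going by the branch name and commit subject, the callback is meant only for bindings that lack a curve-list setter, but the code does not say so. I would add a line above the `if` in both files, such as `# Only bindings without a curve-list setter need the ECDH callback; newer ones select the curve themselves.` The script continues past the end of this hunk.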
diff --git a/lib/plum/rack/listener.rb b/lib/plum/rack/listener.rb
index 901642e..1628ec7 100644
--- a/lib/plum/rack/listener.rb
+++ b/lib/plum/rack/listener.rb
@@ -63,7 +63,9 @@ module Plum
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_2
ctx.alpn_select_cb = -> (protocols) { protocols.include?("h2") ? "h2" : protocols.first }
- ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)
+ ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ end
*ctx.extra_chain_cert, ctx.cert = parse_chained_cert(cert)
ctx.key = OpenSSL::PKey::RSA.new(key)
ctx.servername_cb = proc { |sock, hostname|
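Review bot: When the condition on the added `if` line is false, nothing visible in this hunk configures ECDH curves, so the listener no longer pins prime256v1 and the key-exchange group falls to whatever the linked OpenSSL defaults to. That is probably intended for OpenSSL 1.1.0, but in library code I would either set the curve list explicitly on that path or record the reliance on defaults in a comment, e.g. `# no callback: curve selection is left to OpenSSL's defaults`. The check is also feature detection by method name, so a binding that exposes the setter under a different name (Ruby's OpenSSL has `ecdh_curves=`) would still take the callback branch if `tmp_ecdh_callback` is present; testing for both names would be safer. The enclosing method starts before and continues past this hunk, so curves may be configured elsewhere.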