Only disabled what we need to in a no-dh build

no-dh disables the low level API for DH. However, since we're now using the high level EVP API in most places we don't need to disable quite so much. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
author: Matt Caswell <matt@openssl.org> 2020-10-16 16:35:44 +0100
committer: Matt Caswell <matt@openssl.org> 2020-11-18 14:14:52 +0000
commit: 13c453728c076d5c1a65a5fd9424e15a9964d755 (patch)
tree: 2adfcc10718f85bab39f1ffcbdb5dff63efe6b69 /ssl/ssl_local.h
parent: 163f6dc1f70f30de46a68137c36e70cae4d95cd8 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 67bb0a8d52..a14d97b8e9 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2004,11 +2004,12 @@ typedef struct cert_st {
      * an index, not a pointer.
      */
     CERT_PKEY *key;
-# ifndef OPENSSL_NO_DH
+
     EVP_PKEY *dh_tmp;
+#ifndef OPENSSL_NO_DH
     DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+#endif
     int dh_tmp_auto;
-# endif
     /* Flags related to certificates */
     uint32_t cert_flags;
     CERT_PKEY pkeys[SSL_PKEY_NUM];
@@ -2692,9 +2693,7 @@ void tls1_set_cert_validity(SSL *s);
 __owur int ssl_validate_ct(SSL *s);
 #  endif
 
-#  ifndef OPENSSL_NO_DH
 __owur EVP_PKEY *ssl_get_auto_dh(SSL *s);
-#  endif
 
 __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
 __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
author	Matt Caswell <matt@openssl.org>	2020-10-16 16:35:44 +0100
committer	Matt Caswell <matt@openssl.org>	2020-11-18 14:14:52 +0000
commit	13c453728c076d5c1a65a5fd9424e15a9964d755 (patch)
tree	2adfcc10718f85bab39f1ffcbdb5dff63efe6b69 /ssl/ssl_local.h
parent	163f6dc1f70f30de46a68137c36e70cae4d95cd8 (diff)