session mbedtls UPDATE add libssh version check

Roytak · Roytak · commit cc2efb4f614d · 2026-01-05T11:45:42.000+01:00
diff --git a/src/session_mbedtls.c b/src/session_mbedtls.c
@@ -1413,6 +1413,8 @@ nc_tls_import_cert_file_wrap(const char *cert_path)
     return c;
 }
 
+#if (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
+
 /**
  * @brief Convert a PKCS#1/SEC1 private key to OpenSSH format.
  *
@@ -1445,6 +1447,8 @@ nc_tls_privkey_export_openssh(const char *pk, char **privkey)
     return rc;
 }
 
+#endif // (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
+
 int
 nc_tls_privkey_export_wrap(void *pkey, enum nc_privkey_format format, char **privkey)
 {
@@ -1475,8 +1479,15 @@ nc_tls_privkey_export_wrap(void *pkey, enum nc_privkey_format format, char **pri
     }
 
     if (format == NC_PRIVKEY_FORMAT_OPENSSH) {
-        /* convert it to OpenSSH format */
+#if (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
+        /* convert it to OpenSSH format, API added in libssh 0.11.0 */
         rc = nc_tls_privkey_export_openssh(pk, privkey);
+#else
+        /* older versions of libssh do not support exporting to OpenSSH format,
+         * so just use the original PEM instead */
+        *privkey = pk;
+        pk = NULL;
+#endif // (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
     } else {
         /* return the PEM as is (PKCS#1 or SEC1), mbedtls can not do NC_PRIVKEY_FORMAT_X509 */
         *privkey = pk;
diff --git a/src/session_openssl.c b/src/session_openssl.c
@@ -1201,6 +1201,8 @@ nc_tls_import_cert_file_wrap(const char *cert_path)
     return cert;
 }
 
+#if (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
+
 /**
  * @brief Export OpenSSL's EVP_PKEY to OpenSSH private key format.
  *
@@ -1255,6 +1257,8 @@ nc_tls_privkey_export_openssh(EVP_PKEY *pkey, char **privkey)
     return rc;
 }
 
+#endif // (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
+
 int
 nc_tls_privkey_export_wrap(void *pkey, enum nc_privkey_format format, char **privkey)
 {
@@ -1280,9 +1284,16 @@ nc_tls_privkey_export_wrap(void *pkey, enum nc_privkey_format format, char **pri
         output_structure = "PrivateKeyInfo";
         break;
     case NC_PRIVKEY_FORMAT_OPENSSH:
-        /* we need to use libssh for this */
+#if (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
+        /* we need to use libssh for this, API for this added in libssh 0.11.0 */
         rc = nc_tls_privkey_export_openssh(pkey, privkey);
         goto cleanup;
+#else
+        /* older versions of libssh do not support exporting to OpenSSH format,
+         * so just convert to PrivateKeyInfo instead */
+        output_structure = "PrivateKeyInfo";
+        break;
+#endif // (LIBSSH_VERSION_MAJOR > 0) || (LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 11)
     default:
         ERRINT;
         rc = 1;
