$OpenBSD: patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls_c,v 1.2 2015/01/03 13:20:25 sthen Exp $

From 88d032d68bb314a9b5942135a5d587219ec1ce1a Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 31 Dec 2014 08:25:13 -0500
Subject: [PATCH] Sometimes we don't need to generate ephemeral RSA keys

--- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c.orig	Tue Nov 18 19:56:52 2014
+++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c	Fri Jan  2 22:39:22 2015
@@ -202,6 +202,8 @@ static int generate_eph_rsa_key(SSL_CTX *ctx)
 {
 	RSA *rsa;
 
+	if (!SSL_CTX_need_tmp_RSA(ctx)) return 0;
+
 	rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
 
 	if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
