Ignore -named_curve auto value to improve backwards compatibility

Fixes #3490 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3518) (cherry picked from commit 1c7aa0dbf16c3389bbedd13391bb653e7a189603)
author: Tomas Mraz <tmraz@fedoraproject.org> 2017-05-22 16:20:21 +0200
committer: Matt Caswell <matt@openssl.org> 2017-06-08 21:30:17 +0100
commit: 59d37902343656c1317d80f1ef5c7bdc550a1294 (patch)
tree: 19d265b2c3c0d8a1fa196dc42958c54f81671b30
parent: 2984afdad9696e4de4762ebc0039f9353773f66c (diff)
2 files changed, 11 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 52d1fb42dd..f13c6d11f4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,9 @@
 
  Changes between 1.1.0f and 1.1.0g [xx XXX xxxx]
 
-  *)
+  *) Ignore the '-named_curve auto' value for compatibility of applications
+     with OpenSSL 1.0.2.
+     [Tomas Mraz <tmraz@fedoraproject.org>]
 
  Changes between 1.1.0e and 1.1.0f [25 May 2017]
 
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 3957946092..88e4103820 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -221,6 +221,14 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
     EC_KEY *ecdh;
     int nid;
 
+    /* Ignore values supported by 1.0.2 for the automatic selection */
+    if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
+        strcasecmp(value, "+automatic") == 0)
+        return 1;
+    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
+        strcmp(value, "auto") == 0)
+        return 1;
+
     nid = EC_curve_nist2nid(value);
     if (nid == NID_undef)
         nid = OBJ_sn2nid(value);
author	Tomas Mraz <tmraz@fedoraproject.org>	2017-05-22 16:20:21 +0200
committer	Matt Caswell <matt@openssl.org>	2017-06-08 21:30:17 +0100
commit	59d37902343656c1317d80f1ef5c7bdc550a1294 (patch)
tree	19d265b2c3c0d8a1fa196dc42958c54f81671b30
parent	2984afdad9696e4de4762ebc0039f9353773f66c (diff)