authorKurt Roeckx <kurt@roeckx.be>2015-12-04 22:30:36 +0100
committerKurt Roeckx <kurt@roeckx.be>2015-12-04 22:30:36 +0100
commitfe6ef2472db933f01b59cad82aa925736935984b (patch)
treed589ecaada575ee4a692043ec0eb6fed9fae1557 /ssl/ssl_conf.c
parent6977e8ee4a718a76351ba5275a9f0be4e530eab5 (diff)
Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/ssl_conf.c')
-rw-r--r--ssl/ssl_conf.c57
1 files changed, 16 insertions, 41 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index ad20f4434c..ce52569ce9 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -268,48 +268,23 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
- int onoff = -1, rv = 1;
- if (cctx->flags & SSL_CONF_FLAG_FILE) {
- if (*value == '+') {
- onoff = 1;
- value++;
- }
- if (*value == '-') {
- onoff = 0;
- value++;
- }
- if (strcasecmp(value, "automatic") == 0) {
- if (onoff == -1)
- onoff = 1;
- } else if (onoff != -1)
- return 0;
- } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
- if (strcmp(value, "auto") == 0)
- onoff = 1;
- }
+ int rv = 1;
+ EC_KEY *ecdh;
+ int nid;
- if (onoff != -1) {
- if (cctx->ctx)
- rv = SSL_CTX_set_ecdh_auto(cctx->ctx, onoff);
- else if (cctx->ssl)
- rv = SSL_set_ecdh_auto(cctx->ssl, onoff);
- } else {
- EC_KEY *ecdh;
- int nid;
- nid = EC_curve_nist2nid(value);
- if (nid == NID_undef)
- nid = OBJ_sn2nid(value);
- if (nid == 0)
- return 0;
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (!ecdh)
- return 0;
- if (cctx->ctx)
- rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
- else if (cctx->ssl)
- rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
- EC_KEY_free(ecdh);
- }
+ nid = EC_curve_nist2nid(value);
+ if (nid == NID_undef)
+ nid = OBJ_sn2nid(value);
+ if (nid == 0)
+ return 0;
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (!ecdh)
+ return 0;
+ if (cctx->ctx)
+ rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+ else if (cctx->ssl)
+ rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
+ EC_KEY_free(ecdh);
return rv > 0;
}
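Review bot: The values the removed branch accepted (`auto` on the command line, `automatic` and `+automatic` in a config file) now fall through to `EC_curve_nist2nid()` and `OBJ_sn2nid()`. Those presumably find no NID for them, so `cmd_ECDHParameters` returns 0 and a configuration that relied on automatic selection is rejected rather than treated as a no-op. Since ECDH is always enabled after this commit, a guard ahead of the curve lookup would keep such configurations loading: `if ((cctx->flags & SSL_CONF_FLAG_FILE) && strcasecmp(value, "automatic") == 0) return 1;` and `if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && strcmp(value, "auto") == 0) return 1;`. `-automatic` should probably keep failing, because silently accepting a request to turn off something that can no longer be turned off would mislead the operator. If rejecting the legacy values is intended, a comment above the lookup such as `/* "auto"/"automatic" are no longer accepted; value must name a curve */` would record that.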