diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:22:31 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:22:31 +0100 |
commit | 6f78b9e824c053d062188578635c575017b587c5 (patch) | |
tree | 384ac167954740453837f37e9ad0cbadcb5888b7 /ssl/statem/statem_srvr.c | |
parent | ad3819c29ed91ee31ebc806939e6104970694811 (diff) |
Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index bdeaf7e0e0..fb64106350 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1874,12 +1874,6 @@ int tls_construct_server_key_exchange(SSL *s) int nid = tls1_shared_curve(s, -2); if (nid != NID_undef) ecdhp = EC_KEY_new_by_curve_name(nid); - } else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb) { - ecdhp = s->cert->ecdh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3-> - tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s-> - s3->tmp.new_cipher)); } if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; |