author | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:22:31 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:22:31 +0100 |
commit | 6f78b9e824c053d062188578635c575017b587c5 (patch) | |
tree | 384ac167954740453837f37e9ad0cbadcb5888b7 /ssl/t1_lib.c | |
parent | ad3819c29ed91ee31ebc806939e6104970694811 (diff) |
Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking whether the
peer supports it, and can therefore result in handshake failures that could
be avoided by selecting a different cipher.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 02ad438a6e..951be10d2d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -868,8 +868,8 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 /* Check this curve is acceptable */
 if (!tls1_check_ec_key(s, curve_id, NULL))
 return 0;
- /* If auto or setting curve from callback assume OK */
- if (s->cert->ecdh_tmp_auto || s->cert->ecdh_tmp_cb)
+ /* If auto assume OK */
+ if (s->cert->ecdh_tmp_auto)
 return 1;
 /* Otherwise check curve is acceptable */
 else {
@@ -892,10 +892,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 return 0;
 }
 if (!ec) {
- if (s->cert->ecdh_tmp_cb)
- return 1;
- else
- return 0;
+ return 0;
 }
 if (!tls1_set_ec_id(curve_id, NULL, ec))
 return 0; |
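Review bot: The shortened comment `/* If auto assume OK */` in the first hunk does not say why returning 1 is safe at this point. The visible reason is that `curve_id` has already passed `tls1_check_ec_key()` two lines earlier, so I would write `/* Auto mode: curve_id was accepted by tls1_check_ec_key() above, nothing more to check */`. As a style point, the `else {` that follows `return 1;` is redundant and could become a plain block. The enclosing function starts and ends outside the hunk.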
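Review bot: In the second hunk `if (!ec)` now always returns 0, so a configuration that relied only on the removed callback (no static temporary key and no auto mode) will presumably have its ECDHE suites rejected here with no error reported. The handshake may then settle on a non-ECDHE suite, a change in key-exchange properties that deserves a comment at the check, for example `/* No temporary ECDH key configured: this ECDHE suite cannot be used */`. The braces left around the single `return 0;` are inconsistent with the unbraced `if (!tls1_set_ec_id(curve_id, NULL, ec))` right below; `if (!ec)` followed by `return 0;` would match. The callers and the rest of the function body are outside the hunk, so the fallback behaviour is inferred and should be confirmed.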