authorKurt Roeckx <kurt@roeckx.be>2015-12-04 22:22:31 +0100
committerKurt Roeckx <kurt@roeckx.be>2015-12-04 22:22:31 +0100
commit6f78b9e824c053d062188578635c575017b587c5 (patch)
tree384ac167954740453837f37e9ad0cbadcb5888b7 /ssl/t1_lib.c
parentad3819c29ed91ee31ebc806939e6104970694811 (diff)
Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking whether the peer supports it, and can therefore result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 02ad438a6e..951be10d2d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -868,8 +868,8 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
/* Check this curve is acceptable */
if (!tls1_check_ec_key(s, curve_id, NULL))
return 0;
- /* If auto or setting curve from callback assume OK */
- if (s->cert->ecdh_tmp_auto || s->cert->ecdh_tmp_cb)
+ /* If auto assume OK */
+ if (s->cert->ecdh_tmp_auto)
return 1;
/* Otherwise check curve is acceptable */
else {
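Review bot: The shortened comment `/* If auto assume OK */` above the `ecdh_tmp_auto` test does not say why returning 1 is safe there. From the visible lines it looks as if the reason is that `curve_id` has just passed `tls1_check_ec_key()`, so I would spell that out, e.g. `/* Auto selection: curve_id was already accepted by tls1_check_ec_key() above */`. The `else` after `return 1;` is also redundant now that the condition is a single flag. The block it opens continues past the end of this hunk, so removing it would mean re-indenting lines not shown here.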
@@ -892,10 +892,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return 0;
}
if (!ec) {
- if (s->cert->ecdh_tmp_cb)
- return 1;
- else
- return 0;
+ return 0;
}
if (!tls1_set_ec_id(curve_id, NULL, ec))
return 0;
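Review bot: With the callback fallback removed, `if (!ec)` now fails whenever no static temporary key is set, and nothing at this test or in the visible commit tells affected applications what changed. A server that only ever installed a tmp ECDH callback would presumably stop being offered ECDHE suites here without any error, and could end up negotiating a key exchange without forward secrecy. I would add a comment at the test, e.g. `/* No temporary key configured: ECDHE is not usable */`, and a changelog note pointing such applications at automatic curve selection or an explicit key. The braces around the lone `return 0;` can go as well: `if (!ec) return 0;`. The function starts and ends outside this hunk, so the auto-selection path that presumably precedes this test is not visible.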