Commit 1c7aa0db authored May 22, 2017 by Tomas Mraz Committed by Matt Caswell Jun 08, 2017

Ignore -named_curve auto value to improve backwards compatibility



Fixes #3490

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3518)

parent 0b20ad12

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -14,6 +14,10 @@
		than just the call where this user data is passed.
		[Richard Levitte]

		*) Ignore the '-named_curve auto' value for compatibility of applications
		with OpenSSL 1.0.2.
		[Tomas Mraz <tmraz@fedoraproject.org>]

		*) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
		bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
		alerts across multiple records (some of which could be empty). In practice

ssl/ssl_conf.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -227,6 +227,14 @@ static int cmd_ECDHParameters(SSL_CONF_CTX cctx, const char value)
		EC_KEY *ecdh;
		int nid;

		/* Ignore values supported by 1.0.2 for the automatic selection */
		if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
		strcasecmp(value, "+automatic") == 0)
		return 1;
		if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
		strcmp(value, "auto") == 0)
		return 1;

		nid = EC_curve_nist2nid(value);
		if (nid == NID_undef)
		nid = OBJ_sn2nid(value);