Commit 1c7aa0db authored by Tomas Mraz's avatar Tomas Mraz Committed by Matt Caswell
Browse files

Ignore -named_curve auto value to improve backwards compatibility 



Fixes #3490

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3518)
parent 0b20ad12

CHANGES

+4 −0
Original line number Diff line number Diff line
@@ -14,6 +14,10 @@ 
     than just the call where this user data is passed.

     [Richard Levitte]













  *) Ignore the '-named_curve auto' value for compatibility of applications













     with OpenSSL 1.0.2.













     [Tomas Mraz <tmraz@fedoraproject.org>]



























  *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2















     bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such















     alerts across multiple records (some of which could be empty). In practice

































ssl/ssl_conf.c



+8
−0






























Original line number
Diff line number
Diff line








@@ -227,6 +227,14 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)













    EC_KEY *ecdh;















    int nid;





























    /* Ignore values supported by 1.0.2 for the automatic selection */













    if ((cctx->flags & SSL_CONF_FLAG_FILE) &&













        strcasecmp(value, "+automatic") == 0)













        return 1;













    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&













        strcmp(value, "auto") == 0)













        return 1;





























    nid = EC_curve_nist2nid(value);















    if (nid == NID_undef)















        nid = OBJ_sn2nid(value);