Commit ededc88d authored Apr 20, 2018 by Matt Caswell

Improve backwards compat with 1.0.2 for ECDHParameters



In 1.0.2 you could configure automatic ecdh params by using the
ECDHParameters config directive and setting it to the value
"+Automatic" or just "Automatic". This is no longer required in 1.1.0+
but we still recognise the "+Automatic" keyword for backwards compatibility.
However we did not recognise just "Automatic" without the leading "+" which
is equally valid. This commit fixes that omission.

Fixes #4113

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6035)

parent 7fcdbd83

doc/man3/SSL_CONF_cmd.pod

+0 −4

Original line number	Diff line number	Diff line
		@@ -597,10 +597,6 @@ Set supported curves to P-256, P-384:

		SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");

		Set automatic support for any elliptic curve for key exchange:

		SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");

		=head1 RETURN VALUES

		SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is

ssl/ssl_conf.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -229,8 +229,9 @@ static int cmd_ECDHParameters(SSL_CONF_CTX cctx, const char value)
		int nid;

		/* Ignore values supported by 1.0.2 for the automatic selection */
		if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
		strcasecmp(value, "+automatic") == 0)
		if ((cctx->flags & SSL_CONF_FLAG_FILE)
		&& (strcasecmp(value, "+automatic") == 0
		\|\| strcasecmp(value, "automatic") == 0))
		return 1;
		if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
		strcmp(value, "auto") == 0)