[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Jun 8 20:28:51 UTC 2017
The branch master has been updated
via 1c7aa0dbf16c3389bbedd13391bb653e7a189603 (commit)
from 0b20ad127ce86b05a854f31d51d91312c86ccc74 (commit)
- Log -----------------------------------------------------------------
commit 1c7aa0dbf16c3389bbedd13391bb653e7a189603
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Mon May 22 16:20:21 2017 +0200
Ignore -named_curve auto value to improve backwards compatibility
Fixes #3490
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3518)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 4 ++++
ssl/ssl_conf.c | 8 ++++++++
2 files changed, 12 insertions(+)
diff --git a/CHANGES b/CHANGES
index 0e8d922..97bfa55 100644
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,10 @@
than just the call where this user data is passed.
[Richard Levitte]
+ *) Ignore the '-named_curve auto' value for compatibility of applications
+ with OpenSSL 1.0.2.
+ [Tomas Mraz <tmraz at fedoraproject.org>]
+
*) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
alerts across multiple records (some of which could be empty). In practice
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 41c7ff7..ab0a94d 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -227,6 +227,14 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
EC_KEY *ecdh;
int nid;
+ /* Ignore values supported by 1.0.2 for the automatic selection */
+ if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
+ strcasecmp(value, "+automatic") == 0)
+ return 1;
+ if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
+ strcmp(value, "auto") == 0)
+ return 1;
+
nid = EC_curve_nist2nid(value);
if (nid == NID_undef)
nid = OBJ_sn2nid(value);
More information about the openssl-commits
mailing list