[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Apr 24 08:12:06 UTC 2018 

The branch master has been updated
       via  ededc88dd52029e4eb18b845703c8780e2d23c17 (commit)
      from  7fcdbd839c629f5419a49bf8da28c968c8140c3d (commit)


- Log -----------------------------------------------------------------
commit ededc88dd52029e4eb18b845703c8780e2d23c17
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 20 14:12:11 2018 +0100

    Improve backwards compat with 1.0.2 for ECDHParameters
    
    In 1.0.2 you could configure automatic ecdh params by using the
    ECDHParameters config directive and setting it to the value
    "+Automatic" or just "Automatic". This is no longer required in 1.1.0+
    but we still recognise the "+Automatic" keyword for backwards compatibility.
    However we did not recognise just "Automatic" without the leading "+" which
    is equally valid. This commit fixes that omission.
    
    Fixes #4113
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6035)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CONF_cmd.pod | 4 ----
 ssl/ssl_conf.c            | 5 +++--
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index e3dc42c..4d3e9c2 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -597,10 +597,6 @@ Set supported curves to P-256, P-384:
 
  SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
 
-Set automatic support for any elliptic curve for key exchange:
-
- SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");
-
 =head1 RETURN VALUES
 
 SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 30e43d9..f1e8200 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -229,8 +229,9 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
     int nid;
 
     /* Ignore values supported by 1.0.2 for the automatic selection */
-    if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
-        strcasecmp(value, "+automatic") == 0)
+    if ((cctx->flags & SSL_CONF_FLAG_FILE)
+            && (strcasecmp(value, "+automatic") == 0
+                || strcasecmp(value, "automatic") == 0))
         return 1;
     if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
         strcmp(value, "auto") == 0)

More information about the openssl-commits mailing list