[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Apr 24 08:15:10 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  c5ed6c553a2efe7abf84ceed5fe38769621a3807 (commit)
      from  2172133d0dc58256bf776da074c0d1944fef15cb (commit)


- Log -----------------------------------------------------------------
commit c5ed6c553a2efe7abf84ceed5fe38769621a3807
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 20 14:12:11 2018 +0100

    Improve backwards compat with 1.0.2 for ECDHParameters
    
    In 1.0.2 you could configure automatic ecdh params by using the
    ECDHParameters config directive and setting it to the value
    "+Automatic" or just "Automatic". This is no longer required in 1.1.0+
    but we still recognise the "+Automatic" keyword for backwards compatibility.
    However we did not recognise just "Automatic" without the leading "+" which
    is equally valid. This commit fixes that omission.
    
    Fixes #4113
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6036)

-----------------------------------------------------------------------

Summary of changes:
 doc/ssl/SSL_CONF_cmd.pod | 4 ----
 ssl/ssl_conf.c           | 5 +++--
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index a28e218..12fdcab 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -506,10 +506,6 @@ Set supported curves to P-256, P-384:
 
  SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
 
-Set automatic support for any elliptic curve for key exchange:
-
- SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");
-
 =head1 RETURN VALUES
 
 SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is
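Review bot: dropping the `ECDHParameters` / `Automatic` example here leaves the man page with no mention of the value that the ssl_conf.c change in this same commit starts accepting. Rather than deleting the text outright, consider a short sentence under the ECDHParameters directive stating that "+Automatic" and "Automatic" are accepted and ignored for 1.0.2 compatibility, and that this applies only when SSL_CONF_FLAG_FILE is set, since that is the condition the code checks. Without it, someone migrating a 1.0.2 config file cannot tell from the documentation whether the keyword is an error or a no-op.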
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 7f89488..9d9309a 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -222,8 +222,9 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
     int nid;
 
     /* Ignore values supported by 1.0.2 for the automatic selection */
-    if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
-        strcasecmp(value, "+automatic") == 0)
+    if ((cctx->flags & SSL_CONF_FLAG_FILE)
+            && (strcasecmp(value, "+automatic") == 0
+                || strcasecmp(value, "automatic") == 0))
         return 1;
     if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
         strcmp(value, "auto") == 0)
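Review bot: the added `strcasecmp(value, "automatic") == 0` arm sits inside the `SSL_CONF_FLAG_FILE` test, so "Automatic" is still not matched by this early return when the context has only SSL_CONF_FLAG_CMDLINE set (that branch compares against "auto" with a case-sensitive `strcmp`) or has neither flag set. If that is intended, the comment above the `if` should say that both spellings are ignored only for config-file contexts, so the asymmetry with the command-line branch reads as deliberate. The diffstat also shows no test change; a case that feeds "Automatic" and "+Automatic" through a file-flagged SSL_CONF_CTX and expects a return of 1 would keep this from regressing.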

