This is an automated email from the ASF dual-hosted git repository.

masaori pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 8ba4843  fallback to curves list if available
8ba4843 is described below

commit 8ba48435cef6ee862e7ff13658742a96450e0cf2
Author: Valentin Gutierrez <[email protected]>
AuthorDate: Fri Mar 22 13:14:55 2019 +0100

    fallback to curves list if available
---
 doc/admin-guide/files/records.config.en.rst | 4 ++--
 iocore/net/SSLClientUtils.cc                | 6 +++++-
 iocore/net/SSLUtils.cc                      | 6 +++++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/doc/admin-guide/files/records.config.en.rst 
b/doc/admin-guide/files/records.config.en.rst
index eb380e4..d87e842 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -3209,7 +3209,7 @@ SSL Termination
 
    X25519:P-256:X448:P-521:P-384
 
-   This configuration works with OpenSSL v1.1.1 and above.
+   This configuration works with OpenSSL v1.0.2 and above.
 
 .. ts:cv:: CONFIG proxy.config.ssl.client.groups_list STRING <See notes under 
proxy.config.ssl.server.groups_list.>
 
@@ -3219,7 +3219,7 @@ SSL Termination
    group NIDs or names, for example "P-521:P-384:P-256". For
    instructions, see "Groups" section of `TLS1.3 - OpenSSLWiki 
<https://wiki.openssl.org/index.php/TLS1.3#Groups>`_.
 
-   This configuration works with OpenSSL v1.1.1 and above.
+   This configuration works with OpenSSL v1.0.2 and above.
 
 .. ts:cv:: CONFIG proxy.config.ssl.TLSv1 INT 1
 
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index bb048a3..2a0023f 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -169,9 +169,13 @@ SSLInitClientContext(const SSLConfigParams *params)
   }
 #endif
 
-#ifdef SSL_CTX_set1_groups_list
+#if defined(SSL_CTX_set1_groups_list) || defined(SSL_CTX_set1_curves_list)
   if (params->client_groups_list != nullptr) {
+#ifdef SSL_CTX_set1_groups_list
     if (!SSL_CTX_set1_groups_list(client_ctx, params->client_groups_list)) {
+#else
+    if (!SSL_CTX_set1_curves_list(client_ctx, params->client_groups_list)) {
+#endif
       SSLError("invalid groups list for client in records.config");
       goto fail;
     }
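Review bot: When the OpenSSL build defines neither `SSL_CTX_set1_groups_list` nor `SSL_CTX_set1_curves_list`, this whole block compiles away and a configured `client_groups_list` is dropped without any log line. An operator who restricted the key-exchange groups would then run with the library defaults and not know it. The closing `#endif` lies outside the hunk, but an `#else` branch there could report it, e.g. `if (params->client_groups_list != nullptr) { Warning("client groups_list is set but this OpenSSL build cannot apply it"); }`. The same applies to the `server_groups_list` hunk in iocore/net/SSLUtils.cc.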
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 41411ab..38009d5 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1333,9 +1333,13 @@ 
SSLMultiCertConfigLoader::init_server_ssl_ctx(std::vector<X509 *> &cert_list, co
   }
 #endif
 
-#ifdef SSL_CTX_set1_groups_list
+#if defined(SSL_CTX_set1_groups_list) || defined(SSL_CTX_set1_curves_list)
   if (params->server_groups_list != nullptr) {
+#ifdef SSL_CTX_set1_groups_list
     if (!SSL_CTX_set1_groups_list(ctx, params->server_groups_list)) {
+#else
+    if (!SSL_CTX_set1_curves_list(ctx, params->server_groups_list)) {
+#endif
       SSLError("invalid groups list for server in records.config");
       goto fail;
     }
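Review bot: On the `SSL_CTX_set1_curves_list` fallback path a list that names a curve the older library does not know is rejected as a whole, and the code then takes `goto fail`, so server context setup is abandoned. The list shown in the records.config hunk, `X25519:P-256:X448:P-521:P-384`, includes X25519 and X448, which as far as I know OpenSSL 1.0.2 does not implement, so that value would hit this path on a 1.0.2 build. Failing closed is the right behaviour, but the message should point at the cause, e.g. `SSLError("invalid groups list for server in records.config (accepted names depend on the OpenSSL version)");`. The documentation that now says "v1.0.2 and above" would benefit from the same caveat. The client hunk in iocore/net/SSLClientUtils.cc has the same path.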
