The branch master has been updated via ededc88dd52029e4eb18b845703c8780e2d23c17 (commit) from 7fcdbd839c629f5419a49bf8da28c968c8140c3d (commit)
- Log ----------------------------------------------------------------- commit ededc88dd52029e4eb18b845703c8780e2d23c17 Author: Matt Caswell <m...@openssl.org> Date: Fri Apr 20 14:12:11 2018 +0100 Improve backwards compat with 1.0.2 for ECDHParameters In 1.0.2 you could configure automatic ecdh params by using the ECDHParameters config directive and setting it to the value "+Automatic" or just "Automatic". This is no longer required in 1.1.0+ but we still recognise the "+Automatic" keyword for backwards compatibility. However we did not recognise just "Automatic" without the leading "+" which is equally valid. This commit fixes that omission. Fixes #4113 Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6035) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CONF_cmd.pod | 4 ---- ssl/ssl_conf.c | 5 +++-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index e3dc42c..4d3e9c2 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -597,10 +597,6 @@ Set supported curves to P-256, P-384: SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); -Set automatic support for any elliptic curve for key exchange: - - SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic"); - =head1 RETURN VALUES SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 30e43d9..f1e8200 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -229,8 +229,9 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) int nid; /* Ignore values supported by 1.0.2 for the automatic selection */ - if ((cctx->flags & SSL_CONF_FLAG_FILE) && - strcasecmp(value, "+automatic") == 0) + if ((cctx->flags & SSL_CONF_FLAG_FILE) + && (strcasecmp(value, "+automatic") == 0 + || strcasecmp(value, "automatic") == 0)) return 1; if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && strcmp(value, "auto") == 0) _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits