jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Replace SSL_set1_curves_list() with SSL_set1_curves()

Browse source 
In practice, this does the same thing (i.e., allows only the P-384 curve
to be used), but using an older API function that happens to be
available in some BoringSSL builds while the newer one is not.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-02-19 16:00:19 +02:00 committed by Jouni Malinen
parent 007bf37e4b
commit 3552502344
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/tls_openssl.c
View file

@ -2483,6 +2483,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
EC_KEY *ecdh;
const char *ciphers =
"ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
int nid[1] = { NID_secp384r1 };
if (openssl_ciphers) {
wpa_printf(MSG_DEBUG,
@ -2496,7 +2497,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
return -1;
}
if (SSL_set1_curves_list(ssl, "P-384") != 1) {
if (SSL_set1_curves(ssl, nid, 1) != 1) {
wpa_printf(MSG_INFO,
"OpenSSL: Failed to set Suite B curves");
return -1;