jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Fix server side openssl_ecdh_curves configuration with 1.0.2

Browse source 
It looks like SSL_CTX_set1_curves_list() command alone is not sufficient
to enable ECDH curve selection with older OpenSSL versions for TLS
server, so enable automatic selection first and specify the exact list
of curves after that.

This fixes failures in openssl_ecdh_curves test case when hostapd uses
OpenSSL 1.0.2.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-04-13 16:53:19 +03:00
parent 8ff2401d54
commit 6570949b2c
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/tls_openssl.c
View file

@ -5037,6 +5037,9 @@ int tls_global_set_params(void *tls_ctx,
return -1;
#else /* OPENSSL_IS_BORINGSSL || < 1.0.2 */
#ifndef OPENSSL_NO_EC
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
#endif
if (SSL_CTX_set1_curves_list(ssl_ctx,
params->openssl_ecdh_curves) !=
1) {