OpenSSL: Fix server side openssl_ecdh_curves configuration with 1.0.2
It looks like SSL_CTX_set1_curves_list() command alone is not sufficient to enable ECDH curve selection with older OpenSSL versions for TLS server, so enable automatic selection first and specify the exact list of curves after that. This fixes failures in openssl_ecdh_curves test case when hostapd uses OpenSSL 1.0.2. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
8ff2401d54
commit
6570949b2c
1 changed files with 3 additions and 0 deletions
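--- a/FILE_PATH_NOT_SHOWN
+++ b/FILE_PATH_NOT_SHOWN
@@ -5037,6 +5037,9 @@ int tls_global_set_params(void *tls_ctx,
 return -1;
 #else /* OPENSSL_IS_BORINGSSL || < 1.0.2 */
 #ifndef OPENSSL_NO_EC
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+#endif
 if (SSL_CTX_set1_curves_list(ssl_ctx,
 params->openssl_ecdh_curves) !=
 1) {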
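Review bot: The added `SSL_CTX_set_ecdh_auto(ssl_ctx, 1);` call discards its result, while the `SSL_CTX_set1_curves_list()` call right after it is compared against 1. If enabling automatic selection is what makes the curve list effective on 1.0.2, as the commit message says, a failure here would leave a server whose `openssl_ecdh_curves` setting is accepted but presumably not applied; consider `if (SSL_CTX_set_ecdh_auto(ssl_ctx, 1) != 1) return -1;`, or at least a log line. A short comment such as `/* OpenSSL 1.0.2: enable automatic ECDH selection before the curve list is applied */` would keep the reason next to the version guard. It is also worth confirming that `OPENSSL_VERSION_NUMBER < 0x10100000L` selects the intended builds for any non-OpenSSL fork that reaches this `#else` branch. tls_global_set_params starts and ends outside the hunk, so the error path after `1) {` is not visible here.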