From 59d37902343656c1317d80f1ef5c7bdc550a1294 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 22 May 2017 16:20:21 +0200 Subject: [PATCH] Ignore -named_curve auto value to improve backwards compatibility Fixes #3490 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3518) (cherry picked from commit 1c7aa0dbf16c3389bbedd13391bb653e7a189603) --- CHANGES | 4 +++- ssl/ssl_conf.c | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 52d1fb42dd..f13c6d11f4 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,9 @@ Changes between 1.1.0f and 1.1.0g [xx XXX xxxx] - *) + *) Ignore the '-named_curve auto' value for compatibility of applications + with OpenSSL 1.0.2. + [Tomas Mraz ] Changes between 1.1.0e and 1.1.0f [25 May 2017] diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 3957946092..88e4103820 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -221,6 +221,14 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) EC_KEY *ecdh; int nid; + /* Ignore values supported by 1.0.2 for the automatic selection */ + if ((cctx->flags & SSL_CONF_FLAG_FILE) && + strcasecmp(value, "+automatic") == 0) + return 1; + if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && + strcmp(value, "auto") == 0) + return 1; + nid = EC_curve_nist2nid(value); if (nid == NID_undef) nid = OBJ_sn2nid(value); -- 2.25.1