From 9b1c0e006b9e7fde14b6719b40853e5c3557ec98 Mon Sep 17 00:00:00 2001
From: Antoine Salon
Date: Fri, 30 Nov 2018 16:50:29 -0800
Subject: [PATCH] Fix usage of deprecated SSL_set_tmp_ecdh()
Signed-off-by: Antoine Salon
Reviewed-by: Matt Caswell
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/7738)
---
 ssl/ssl_conf.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 9c202708d7..57f837d9be 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -225,7 +225,6 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
 int rv = 1;
- EC_KEY *ecdh;
 int nid;
 /* Ignore values supported by 1.0.2 for the automatic selection */
@@ -242,14 +241,11 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
 nid = OBJ_sn2nid(value);
 if (nid == 0)
 return 0;
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (!ecdh)
- return 0;
+
 if (cctx->ctx)
- rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+ rv = SSL_CTX_set1_groups(cctx->ctx, &nid, 1);
 else if (cctx->ssl)
- rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
- EC_KEY_free(ecdh);
+ rv = SSL_set1_groups(cctx->ssl, &nid, 1);
 return rv > 0;
 }
-- 
2.25.1
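Review bot: With the `EC_KEY_new_by_curve_name()` check removed in the second hunk, a value whose short name resolves to a NID that is not an elliptic curve is no longer rejected in this function when neither `cctx->ctx` nor `cctx->ssl` is set: `rv` keeps its initial 1 and `return rv > 0` reports success. When a context is set, rejection now rests entirely on `SSL_CTX_set1_groups()`/`SSL_set1_groups()` refusing a NID they do not know as a group, which is not visible in this hunk. If the validation-only case should still fail on non-curve names, a cheap check before the `if (cctx->ctx)` branch would restore it, for example `EC_GROUP *g = EC_GROUP_new_by_curve_name(nid); if (g == NULL) return 0; EC_GROUP_free(g);`. A comment above the two calls would also help operators reading the code, e.g. `/* Replaces the whole supported-group list with this single group */`, since the result depends on the order of this command relative to a Curves/Groups command. The start of cmd_ECDHParameters lies outside the hunk.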