Add support for automatic ECDH temporary key parameter selection. When

enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve.
2012-04-05 13:38:27 +00:00
parent 2131ce570a
commit a43526302f
10 changed files with 75 additions and 58 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2072,7 +2072,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #endif

 #ifndef OPENSSL_NO_ECDH
-	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+	have_ecdh_tmp=(c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
 #endif
 	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
 	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);