Add support for automatic ECDH temporary key parameter selection. When

enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve. (backport from HEAD)
2012-04-06 20:15:50 +00:00
parent c132ca95c0
commit e46c807e4f
10 changed files with 75 additions and 58 deletions
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1693,10 +1693,11 @@ bad:
 		{
 		EC_KEY *ecdh=NULL;

-		if (named_curve)
+		if (named_curve && strcmp(named_curve, "auto"))
 			{
-			int nid = OBJ_sn2nid(named_curve);
-
+			int nid = EC_curve_nist2nid(named_curve);
+			if (nid == NID_undef)
+				nid = OBJ_sn2nid(named_curve);
 			if (nid == 0)
 				{
 				BIO_printf(bio_err, "unknown curve name (%s)\n", 
@@ -1716,6 +1717,8 @@ bad:
 			{
 			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
 			}
+		else if (named_curve)
+			SSL_CTX_set_ecdh_auto(ctx, 1);
 		else
 			{
 			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");