-/* $OpenBSD: ssl.c,v 1.77 2015/10/16 21:13:33 sthen Exp $ */
+/* $OpenBSD: ssl.c,v 1.78 2015/10/21 16:45:13 jsing Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
ssl_set_ephemeral_key_exchange(ctx, dh);
DH_free(dh);
- ssl_set_ecdh_curve(ctx, SSL_ECDH_CURVE);
+ SSL_CTX_set_ecdh_auto(ctx, 1);
*ctxp = ctx;
return 1;
}
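Review bot: The added `SSL_CTX_set_ecdh_auto(ctx, 1);` call discards its result, whereas the removed ssl_set_ecdh_curve() aborted through fatal() when the curve could not be set up, so a failure to enable ECDHE here would go unreported and the context would continue without it. To keep the fail-closed behaviour I would write `if (SSL_CTX_set_ecdh_auto(ctx, 1) != 1) fatal("unable to enable automatic ECDH curve selection");`. The removed helper also set `SSL_OP_SINGLE_ECDH_USE`, which the new line does not. Auto mode presumably generates a fresh ephemeral key per handshake, but that depends on the linked TLS library, so a short comment such as `/* curve choice and per-handshake ECDH keys are left to the library's auto mode */` would record the assumption. The enclosing function starts outside the hunk.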
}
-void
-ssl_set_ecdh_curve(SSL_CTX *ctx, const char *curve)
-{
- int nid;
- EC_KEY *ecdh;
-
- if (curve == NULL)
- curve = SSL_ECDH_CURVE;
- if ((nid = OBJ_sn2nid(curve)) == 0) {
- ssl_error("ssl_set_ecdh_curve");
- fatal("ssl_set_ecdh_curve: unknown curve name "
- SSL_ECDH_CURVE);
- }
-
- if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
- ssl_error("ssl_set_ecdh_curve");
- fatal("ssl_set_ecdh_curve: unable to create curve "
- SSL_ECDH_CURVE);
- }
-
- SSL_CTX_set_tmp_ecdh(ctx, ecdh);
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
- EC_KEY_free(ecdh);
-}
-
int
ssl_load_pkey(const void *data, size_t datalen, char *buf, off_t len,
X509 **x509ptr, EVP_PKEY **pkeyptr)
-/* $OpenBSD: ssl.h,v 1.11 2015/01/22 09:26:05 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.12 2015/10/21 16:45:13 jsing Exp $ */
/*
* Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
*
*/
#define SSL_CIPHERS "HIGH:!aNULL:!MD5"
-#define SSL_ECDH_CURVE "prime256v1"
#define SSL_SESSION_TIMEOUT 300
struct pki {
DH *get_dh1024(void);
DH *get_dh_from_memory(char *, size_t);
void ssl_set_ephemeral_key_exchange(SSL_CTX *, DH *);
-void ssl_set_ecdh_curve(SSL_CTX *, const char *);
char *ssl_load_file(const char *, off_t *, mode_t);
char *ssl_load_key(const char *, off_t *, char *, mode_t, const char *);