httpd-cvs mailing list archives

From j..@apache.org
Subject svn commit: r1569005 - in /httpd/httpd/branches/2.4.x: ./ STATUS modules/ssl/ssl_engine_init.c
Date Mon, 17 Feb 2014 14:11:38 GMT
Author: jim
Date: Mon Feb 17 14:11:38 2014
New Revision: 1569005

URL: http://svn.apache.org/r1569005
Log:
Merge r1563420 from trunk:

enable auto curve selection for ephemeral ECDH keys
when compiled against OpenSSL 1.0.2 or later

Submitted by: kbrand
Reviewed/backported by: jim

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1563420

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1569005&r1=1569004&r2=1569005&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Feb 17 14:11:38 2014
@@ -98,11 +98,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_ssl: enable auto curve selection for ECDHE / OpenSSL 1.0.2
-     trunk patch: https://svn.apache.org/r1563420
-     2.4.x patch: trunk patch works
-     +1: kbrand, drh, ylavic
-
    * mod_remoteip: Correct the trusted proxy match test. PR54651
      trunk patch: https://svn.apache.org/r1564052
      2.4.x patch: trunk works
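Review bot: With the backport entry removed here, this commit leaves no user-facing record of the change, since its Modified list covers only STATUS and ssl_engine_init.c. Administrators building against OpenSSL 1.0.2 will see different ECDHE curve negotiation after upgrading, so a CHANGES entry for the mod_ssl behaviour should accompany the merge.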

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1569005&r1=1569004&r2=1569005&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Mon Feb 17 14:11:38 2014
@@ -1083,11 +1083,16 @@ static apr_status_t ssl_init_server_cert
                      OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
     }
     /*
-     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
+     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
+     * or configure NIST P-256 (required to enable ECDHE for earlier versions)
      */
     else {
+#if defined(SSL_CTX_set_ecdh_auto)
+        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+#else
         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
                              EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+#endif
     }
 #endif
 
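Review bot: The result of SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1) in the new #if branch is discarded, so a failure there would go unnoticed at startup; check the return value and log it with vhost_id, which is already in scope in the branch above. The retained #else path deserves the same care: EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) is passed straight into SSL_CTX_set_tmp_ecdh() with no NULL check, and because SSL_CTX_set_tmp_ecdh() copies the key, the EC_KEY allocated here is never freed. Hold it in a local, test it, and call EC_KEY_free() after the set call. A short comment that the "#if defined(SSL_CTX_set_ecdh_auto)" test relies on OpenSSL providing that name as a preprocessor macro would also help the next reader.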


