- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of

NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the latter actually works before using it. Fedora (at least) has NID_secp521r1 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
author: Darren Tucker <dtucker@zip.com.au> 2013-11-09 18:39:25 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2013-11-09 18:39:25 +1100
commit: 37bcef51b3d9d496caecea6394814d2f49a1357f (patch)
tree: c564402d96ca797f8b0248552ef78f4f9408ef8c /myproposal.h
parent: 6e2fe81f926d995bae4be4a6b5b3c88c1c525187 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/myproposal.h b/myproposal.h
index 56f8c4a84..8da2ac91f 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -29,6 +29,7 @@
 /* conditional algorithm support */
 #ifdef OPENSSL_HAS_ECC
+#ifdef OPENSSL_HAS_NISTP521
 # define KEX_ECDH_METHODS \
        "ecdh-sha2-nistp256," \
        "ecdh-sha2-nistp384," \
@@ -42,6 +43,17 @@
        "ecdsa-sha2-nistp384," \
        "ecdsa-sha2-nistp521,"
 #else
+# define KEX_ECDH_METHODS \
+        "ecdh-sha2-nistp256," \
+        "ecdh-sha2-nistp384,"
+# define HOSTKEY_ECDSA_CERT_METHODS \
+        "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+        "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+# define HOSTKEY_ECDSA_METHODS \
+        "ecdsa-sha2-nistp256," \
+        "ecdsa-sha2-nistp384,"
+#endif
+#else
 # define KEX_ECDH_METHODS
 # define HOSTKEY_ECDSA_CERT_METHODS
 # define HOSTKEY_ECDSA_METHODS
author	Darren Tucker <dtucker@zip.com.au>	2013-11-09 18:39:25 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2013-11-09 18:39:25 +1100
commit	37bcef51b3d9d496caecea6394814d2f49a1357f (patch)
tree	c564402d96ca797f8b0248552ef78f4f9408ef8c /myproposal.h
parent	6e2fe81f926d995bae4be4a6b5b3c88c1c525187 (diff)