Set TLS v1.2 disabled mask properly.

[openssl.git] / ssl / ssl_conf.c

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 0de97f8a78889196e55ae1aa8f64509cc62a423c..1f4c4dd1539d6b16df08cccd1543efda6ef4e0a9 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -253,7 +253,7 @@ static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
                rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
        return rv > 0;
        }
-
+#ifndef OPENSSL_NO_ECDH
 /* ECDH temporary parameters */
 static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
        {
@@ -272,7 +272,12 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
                        onoff = 0;
                        value++;
                        }
-               if (strcasecmp(value, "automatic"))
+               if (!strcasecmp(value, "automatic"))
+                       {
+                       if (onoff == -1)
+                               onoff = 1;
+                       }
+               else if (onoff != -1)
                        return 0;
                }
        else if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
@@ -309,7 +314,7 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
 
        return rv > 0;
        }
-
+#endif
 static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
        {
        int rv = 1;
@@ -373,7 +378,9 @@ static ssl_conf_cmd_tbl ssl_conf_cmds[] = {
        {cmd_sigalgs,           "SignatureAlgorithms", "sigalgs"},
        {cmd_client_sigalgs,    "ClientSignatureAlgorithms", "client_sigalgs"},
        {cmd_curves,            "Curves", "curves"},
+#ifndef OPENSSL_NO_ECDH
        {cmd_ecdhparam,         "ECDHParameters", "named_curve"},
+#endif
        {cmd_cipher_list,       "CipherString", "cipher"},
        {cmd_protocol,          "Protocol", NULL},
        {cmd_options,           "Options", NULL},
@@ -385,7 +392,7 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
        size_t i;
        if (cmd == NULL)
                {
-               SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+               SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
                return 0;
                }
        /* If a prefix is set, check and skip */
@@ -442,7 +449,7 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
                        return -2;
                if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
                        {
-                       SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_BAD_VALUE);
+                       SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
                        ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
                        }
                return 0;
@@ -456,7 +463,7 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 
        if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
                {
-               SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_UNKNOWN_CMD_NAME);
+               SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
                ERR_add_error_data(2, "cmd=", cmd);
                }