Set TLS v1.2 disabled mask properly.

[openssl.git] / ssl / ssl_conf.c

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 23754739bb9720203a4eb20cf6ea58cbf9fffbf3..1f4c4dd1539d6b16df08cccd1543efda6ef4e0a9 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -253,7 +253,7 @@ static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
                rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
        return rv > 0;
        }
-
+#ifndef OPENSSL_NO_ECDH
 /* ECDH temporary parameters */
 static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
        {
@@ -272,7 +272,12 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
                        onoff = 0;
                        value++;
                        }
-               if (strcasecmp(value, "automatic"))
+               if (!strcasecmp(value, "automatic"))
+                       {
+                       if (onoff == -1)
+                               onoff = 1;
+                       }
+               else if (onoff != -1)
                        return 0;
                }
        else if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
@@ -309,7 +314,7 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
 
        return rv > 0;
        }
-
+#endif
 static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
        {
        int rv = 1;
@@ -373,7 +378,9 @@ static ssl_conf_cmd_tbl ssl_conf_cmds[] = {
        {cmd_sigalgs,           "SignatureAlgorithms", "sigalgs"},
        {cmd_client_sigalgs,    "ClientSignatureAlgorithms", "client_sigalgs"},
        {cmd_curves,            "Curves", "curves"},
+#ifndef OPENSSL_NO_ECDH
        {cmd_ecdhparam,         "ECDHParameters", "named_curve"},
+#endif
        {cmd_cipher_list,       "CipherString", "cipher"},
        {cmd_protocol,          "Protocol", NULL},
        {cmd_options,           "Options", NULL},