static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
{
int rv;
- if (!(cctx->flags & SSL_CONF_FLAG_CLIENT))
- return -2;
if (cctx->ssl)
rv = SSL_set1_curves_list(cctx->ssl, value);
/* NB: ctx == NULL performs syntax checking only */
rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
return rv > 0;
}
-
+#ifndef OPENSSL_NO_ECDH
/* ECDH temporary parameters */
static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
{
onoff = 0;
value++;
}
- if (strcasecmp(value, "automatic"))
+ if (!strcasecmp(value, "automatic"))
+ {
+ if (onoff == -1)
+ onoff = 1;
+ }
+ else if (onoff != -1)
return 0;
}
else if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
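Review bot: The braces added around `if (onoff == -1) onoff = 1;` are what keep the following `else if (onoff != -1)` paired with the `strcasecmp` test rather than with the inner `if`, and nothing in the hunk says so. A short comment such as `/* braces required: the else below pairs with the strcasecmp test */` would stop a later cleanup from removing them and silently changing which values are rejected. It would also help to state next to the test what the `onoff` states mean; from the visible lines -1 appears to mean that no prefix was given, but its initialisation is outside this hunk. cmd_ecdhparam starts and ends outside the hunk.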
return rv > 0;
}
-
+#endif
static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 1;
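Review bot: The `#endif` added here has no trailing comment naming the condition it closes, and the guard takes the place of the blank line that separated the two functions. Writing `#endif /* OPENSSL_NO_ECDH */` and keeping a blank line around the guarded block would make the extent of the conditional code easier to follow. The same applies to the `#endif` added in the command table; the matching `#ifndef` for this one is in an earlier hunk.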
rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
if (cctx->ssl)
rv = SSL_set_cipher_list(cctx->ssl, value);
- return rv;
+ return rv > 0;
}
static int cmd_protocol(SSL_CONF_CTX *cctx, const char *value)
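Review bot: The result of `SSL_CTX_set_cipher_list` is overwritten whenever `cctx->ssl` is set, so with both a context and a connection configured, a cipher string rejected for the context is still reported as success if the per-connection call accepts it. Now that the function normalises its result to `rv > 0`, the second call could be made conditional on the first: `if (rv > 0 && cctx->ssl)`. Whether the context call is guarded by a NULL check is not visible in this hunk. If it is, `int rv = 1` means a call with neither object set returns success without checking the string at all, which deserves a comment.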
{cmd_sigalgs, "SignatureAlgorithms", "sigalgs"},
{cmd_client_sigalgs, "ClientSignatureAlgorithms", "client_sigalgs"},
{cmd_curves, "Curves", "curves"},
+#ifndef OPENSSL_NO_ECDH
{cmd_ecdhparam, "ECDHParameters", "named_curve"},
+#endif
{cmd_cipher_list, "CipherString", "cipher"},
{cmd_protocol, "Protocol", NULL},
{cmd_options, "Options", NULL},
size_t i;
if (cmd == NULL)
{
- SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+ SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
return 0;
}
/* If a prefix is set, check and skip */
if (runcmd)
{
+ int rv;
if (value == NULL)
return -3;
- if (t->cmd(cctx, value))
+ rv = t->cmd(cctx, value);
+ if (rv > 0)
return 2;
+ if (rv == -2)
+ return -2;
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
{
- SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_BAD_VALUE);
+ SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
}
- return -1;
+ return 0;
}
if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
{
- SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_UNKNOWN_CMD_NAME);
+ SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
ERR_add_error_data(2, "cmd=", cmd);
}
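Review bot: A rejected value now returns 0 instead of -1 (the `return 0;` after the `SSL_R_BAD_VALUE` branch), so any caller that detects failure with a `< 0` test will treat a bad value as accepted and carry on with the setting unapplied. Callers are not visible in this diff, so each one should be checked for a `<= 0` test. The return contract should also be written down in a comment above the function: from the visible lines, 2 for an accepted value, 0 for a recognised command with a bad value, -2 passed through from the handler, and -3 for a missing value. Any other non-positive handler result is folded into 0 as well. The function starts outside the hunk and may continue past the last visible line.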