Set TLS v1.2 disabled mask properly.
[openssl.git] / ssl / ssl_conf.c
index 59487568834bd4161a6a11f01d57055d86b32c16..1f4c4dd1539d6b16df08cccd1543efda6ef4e0a9 100644 (file)
@@ -246,8 +246,6 @@ static int cmd_client_sigalgs(SSL_CONF_CTX *cctx, const char *value)
 static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
        {
        int rv;
-       if (!(cctx->flags & SSL_CONF_FLAG_CLIENT))
-               return -2;
        if (cctx->ssl)
                rv = SSL_set1_curves_list(cctx->ssl, value);
        /* NB: ctx == NULL performs syntax checking only */
@@ -255,7 +253,7 @@ static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
                rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
        return rv > 0;
        }
-
+#ifndef OPENSSL_NO_ECDH
 /* ECDH temporary parameters */
 static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
        {
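Review bot: The `#ifndef OPENSSL_NO_ECDH` guard takes the place of the blank line between `cmd_curves` and `cmd_ecdhparam`, and its `#endif` in the hunk at -311 does the same in front of `cmd_cipher_list`. Keep the separator lines and label the close as `#endif /* OPENSSL_NO_ECDH */`, since the two directives are far apart. With the table entry also compiled out, `ECDHParameters` and `named_curve` presumably fall through to the unknown-command path in such builds, which deserves a line in the SSL_CONF_cmd() documentation.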
@@ -274,7 +272,12 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
                        onoff = 0;
                        value++;
                        }
-               if (strcasecmp(value, "automatic"))
+               if (!strcasecmp(value, "automatic"))
+                       {
+                       if (onoff == -1)
+                               onoff = 1;
+                       }
+               else if (onoff != -1)
                        return 0;
                }
        else if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
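Review bot: The new test `if (!strcasecmp(value, "automatic"))` needs a comment, because the state of `onoff` now encodes three cases that a reader has to reconstruct. A bare `automatic` switches the mode on, a prefixed `automatic` keeps the value the prefix set, and a prefix on any other value is rejected with `return 0`. I would add `/* "automatic" defaults to on; a sign prefix is only valid with "automatic" */` above the test. The prefix handling is only partly visible and the later use of `onoff` is outside the hunk, so the wording should be checked against both.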
@@ -311,7 +314,7 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
 
        return rv > 0;
        }
-
+#endif
 static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
        {
        int rv = 1;
@@ -319,7 +322,7 @@ static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
                rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
        if (cctx->ssl)
                rv = SSL_set_cipher_list(cctx->ssl, value);
-       return rv;
+       return rv > 0;
        }
 
 static int cmd_protocol(SSL_CONF_CTX *cctx, const char *value)
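Review bot: `return rv > 0;` reports only the last call made: when `cctx->ssl` is set, the result of `SSL_CTX_set_cipher_list()` is overwritten by `SSL_set_cipher_list()`. If both handles can be set at once (the guard on the first call is above the hunk), a cipher string rejected for the context is reported as success whenever the per-connection call accepts it. Make the second call depend on the first, `if (cctx->ssl && rv > 0)`, so that a failure on either handle reaches the caller. Otherwise an application that trusts the return value continues with a context whose cipher list was not applied.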
@@ -375,7 +378,9 @@ static ssl_conf_cmd_tbl ssl_conf_cmds[] = {
        {cmd_sigalgs,           "SignatureAlgorithms", "sigalgs"},
        {cmd_client_sigalgs,    "ClientSignatureAlgorithms", "client_sigalgs"},
        {cmd_curves,            "Curves", "curves"},
+#ifndef OPENSSL_NO_ECDH
        {cmd_ecdhparam,         "ECDHParameters", "named_curve"},
+#endif
        {cmd_cipher_list,       "CipherString", "cipher"},
        {cmd_protocol,          "Protocol", NULL},
        {cmd_options,           "Options", NULL},
@@ -387,7 +392,7 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
        size_t i;
        if (cmd == NULL)
                {
-               SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+               SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
                return 0;
                }
        /* If a prefix is set, check and skip */
@@ -434,16 +439,20 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 
        if (runcmd)
                {
+               int rv;
                if (value == NULL)
                        return -3;
-               if (t->cmd(cctx, value))
+               rv = t->cmd(cctx, value);
+               if (rv > 0)
                        return 2;
+               if (rv == -2)
+                       return -2;
                if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
                        {
-                       SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_BAD_VALUE);
+                       SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
                        ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
                        }
-               return -1;
+               return 0;
                }
 
        if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
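Review bot: A rejected value now makes SSL_CONF_cmd() return 0 where it used to return -1 (`return 0;` at the end of the `runcmd` block). Any caller that tests `< 0` for failure will therefore treat a bad cipher string or protocol value as accepted and carry on with the previous settings. The callers are outside this diff and should be checked to test `<= 0`. The convention should also be written down at the function, for example `/* 2: cmd and value used; 0: bad value; -2: passed through from the handler; -3: value missing */`. A short comment on `rv = t->cmd(cctx, value);` would help too, saying that handlers return >0 on success and -2 when the command does not apply in this context, and that any other result is reported as SSL_R_BAD_VALUE.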
@@ -454,7 +463,7 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 
        if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
                {
-               SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_UNKNOWN_CMD_NAME);
+               SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
                ERR_add_error_data(2, "cmd=", cmd);
                }