Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)
SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
-SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
-SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
+SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list,
+SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
- EC supported curve functions
=head1 SYNOPSIS
- EC supported curve functions
=head1 SYNOPSIS
int SSL_get1_groups(SSL *ssl, int *groups);
int SSL_get_shared_group(SSL *s, int n);
int SSL_get1_groups(SSL *ssl, int *groups);
int SSL_get_shared_group(SSL *s, int n);
+ int SSL_get_negotiated_group(SSL *s);
int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
so B<n> is normally set to zero. If the value B<n> is out of range,
NID_undef is returned.
so B<n> is normally set to zero. If the value B<n> is out of range,
NID_undef is returned.
+SSL_get_negotiated_group() returns the negotiated group on a TLSv1.3 connection
+for key exchange. This can be called by either client or server.
+
All these functions are implemented as macros.
The curve functions are synonyms for the equivalently named group functions and
All these functions are implemented as macros.
The curve functions are synonyms for the equivalently named group functions and
When called on a client B<ssl>, SSL_get_shared_group() has no meaning and
returns -1.
When called on a client B<ssl>, SSL_get_shared_group() has no meaning and
returns -1.
+SSL_get_negotiated_group() returns the NID of the negotiated group on a
+TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated
+group.
+
=head1 SEE ALSO
L<SSL_CTX_add_extra_chain_cert(3)>
=head1 SEE ALSO
L<SSL_CTX_add_extra_chain_cert(3)>
=head1 HISTORY
The curve functions were added in OpenSSL 1.0.2. The equivalent group
=head1 HISTORY
The curve functions were added in OpenSSL 1.0.2. The equivalent group
-functions were added in OpenSSL 1.1.1.
+functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function
+was added in OpenSSL 3.0.0.