summaryrefslogtreecommitdiff
path: root/myproposal.h
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2013-11-09 18:39:25 +1100
committerDarren Tucker <dtucker@zip.com.au>2013-11-09 18:39:25 +1100
commit37bcef51b3d9d496caecea6394814d2f49a1357f (patch)
treec564402d96ca797f8b0248552ef78f4f9408ef8c /myproposal.h
parent6e2fe81f926d995bae4be4a6b5b3c88c1c525187 (diff)
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the latter actually works before using it. Fedora (at least) has NID_secp521r1 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
Diffstat (limited to 'myproposal.h')
-rw-r--r--myproposal.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/myproposal.h b/myproposal.h
index 56f8c4a8..8da2ac91 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -29,6 +29,7 @@
/* conditional algorithm support */
#ifdef OPENSSL_HAS_ECC
+#ifdef OPENSSL_HAS_NISTP521
# define KEX_ECDH_METHODS \
"ecdh-sha2-nistp256," \
"ecdh-sha2-nistp384," \
@@ -42,6 +43,17 @@
"ecdsa-sha2-nistp384," \
"ecdsa-sha2-nistp521,"
#else
+# define KEX_ECDH_METHODS \
+ "ecdh-sha2-nistp256," \
+ "ecdh-sha2-nistp384,"
+# define HOSTKEY_ECDSA_CERT_METHODS \
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+# define HOSTKEY_ECDSA_METHODS \
+ "ecdsa-sha2-nistp256," \
+ "ecdsa-sha2-nistp384,"
+#endif
+#else
# define KEX_ECDH_METHODS
# define HOSTKEY_ECDSA_CERT_METHODS
# define HOSTKEY_ECDSA_METHODS