diff options
Diffstat (limited to 'lib/vtls/openssl.c')
| -rw-r--r-- | lib/vtls/openssl.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 09f331418..ce6f8445a 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -200,6 +200,10 @@ !defined(OPENSSL_IS_BORINGSSL)) #define HAVE_SSL_CTX_SET_CIPHERSUITES #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH +/* SET_EC_CURVES available under the same preconditions: see + * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + */ +#define HAVE_SSL_CTX_SET_EC_CURVES #endif #if defined(LIBRESSL_VERSION_NUMBER) @@ -2800,6 +2804,18 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) SSL_CTX_set_post_handshake_auth(backend->ctx, 1); #endif +#ifdef HAVE_SSL_CTX_SET_EC_CURVES + { + char *curves = SSL_CONN_CONFIG(curves); + if(curves) { + if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) { + failf(data, "failed setting curves list: '%s'", curves); + return CURLE_SSL_CIPHER; + } + } + } +#endif + #ifdef HAVE_OPENSSL_SRP if(ssl_authtype == CURL_TLSAUTH_SRP) { char * const ssl_username = SSL_SET_OPTION(username); |