- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the latter actually works before using it. Fedora (at least) has NID_secp521r1 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).

commit: 37bcef51b3d9d496caecea6394814d2f49a1357f [log] [tgz]
author: Darren Tucker <dtucker@zip.com.au> Sat Nov 09 18:39:25 2013 +1100
committer: Darren Tucker <dtucker@zip.com.au> Sat Nov 09 18:39:25 2013 +1100
tree: c564402d96ca797f8b0248552ef78f4f9408ef8c
parent: 6e2fe81f926d995bae4be4a6b5b3c88c1c525187 [diff] [blame]
diff --git a/myproposal.h b/myproposal.h
index 56f8c4a..8da2ac9 100644
--- a/myproposal.h
+++ b/myproposal.h

@@ -29,6 +29,7 @@
 /* conditional algorithm support */
 
 #ifdef OPENSSL_HAS_ECC
+#ifdef OPENSSL_HAS_NISTP521
 # define KEX_ECDH_METHODS \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384," \
@@ -42,6 +43,17 @@
 	"ecdsa-sha2-nistp384," \
 	"ecdsa-sha2-nistp521,"
 #else
+# define KEX_ECDH_METHODS \
+	"ecdh-sha2-nistp256," \
+	"ecdh-sha2-nistp384,"
+# define HOSTKEY_ECDSA_CERT_METHODS \
+	"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+	"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+# define HOSTKEY_ECDSA_METHODS \
+	"ecdsa-sha2-nistp256," \
+	"ecdsa-sha2-nistp384,"
+#endif
+#else
 # define KEX_ECDH_METHODS
 # define HOSTKEY_ECDSA_CERT_METHODS
 # define HOSTKEY_ECDSA_METHODS
commit	37bcef51b3d9d496caecea6394814d2f49a1357f	[log] [tgz]
author	Darren Tucker <dtucker@zip.com.au>	Sat Nov 09 18:39:25 2013 +1100
committer	Darren Tucker <dtucker@zip.com.au>	Sat Nov 09 18:39:25 2013 +1100
tree	c564402d96ca797f8b0248552ef78f4f9408ef8c
parent	6e2fe81f926d995bae4be4a6b5b3c88c1c525187 [diff] [blame]