Use uncompressed point conversion form for 'tls ephemeral' ECC keys

GnuTLS, NSS, and possibly other TLS libraries currently fail to interoperate
with the compressed point conversion form that OpenSSL supports.

Use uncompressed point conversion form for better compatibility.
Aram Sargsyan
2022-01-07 20:37:46 +00:00
parent 2eee9242e3
commit 0a19b5cd62


@@ -317,16 +317,16 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
goto ssl_error;
}
/* We use a named curve and compressed point conversion form. */
/* Use a named curve and uncompressed point conversion form. */
#if HAVE_EVP_PKEY_GET0_EC_KEY
EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY(pkey),
OPENSSL_EC_NAMED_CURVE);
EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey),
POINT_CONVERSION_COMPRESSED);
POINT_CONVERSION_UNCOMPRESSED);
#else
EC_KEY_set_asn1_flag(pkey->pkey.ec, OPENSSL_EC_NAMED_CURVE);
EC_KEY_set_conv_form(pkey->pkey.ec,
POINT_CONVERSION_COMPRESSED);
POINT_CONVERSION_UNCOMPRESSED);
#endif /* HAVE_EVP_PKEY_GET0_EC_KEY */
#if defined(SSL_CTX_set_ecdh_auto)
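Review bot: The rewritten comment on the `/* Use a named curve and uncompressed point conversion form. */` line drops the reason the commit description gives, so nothing in the code stops a later reader from switching both EC_KEY_set_conv_form calls back to POINT_CONVERSION_COMPRESSED; suggest `/* Use a named curve and uncompressed point conversion form: peers built on GnuTLS, NSS and possibly other TLS libraries cannot handle compressed points. */`. Separately, with OpenSSL 3.x the EC_KEY returned by EVP_PKEY_get0_EC_KEY in the HAVE_EVP_PKEY_GET0_EC_KEY branch may be a cached legacy view whose conversion-form change does not reach the provider-side key, so it is probably worth confirming on a 3.x build that the uncompressed form actually reaches the wire; that is inferred from the API, not visible in the hunk. The body of isc_tlsctx_createserver starts before and continues after this hunk.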