Add a tls_config_set_ecdhecurves() function to libtls, which allows the

names of the elliptic curves that may be used during client and server
key exchange to be specified.

This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.

ok beck@

1 files changed, 3 insertions, 2 deletions

diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 1a6701b581..cc8627f2af 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.50 2017/07/06 17:12:22 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.51 2017/08/10 18:18:30 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -109,7 +109,8 @@ int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
 int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
     size_t _len);
 int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
-int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_name);
+int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
+int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
 int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
 int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
     size_t _len);