From f42035acfafef5f2efe92cd8eef619164f7144f2 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 3 Oct 2014 13:58:18 +0000
Subject: Add support for automatic ephemeral EC keys.

This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.

Based on OpenSSL with inspiration from boringssl.

ok miod@
---
 src/lib/libssl/ssl_cert.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_cert.c')

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 6aae59e310..6f1815067b 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.41 2014/07/10 08:25:00 guenther Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.42 2014/10/03 13:58:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -244,6 +244,7 @@ ssl_cert_dup(CERT *cert)
 		}
 	}
 	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
+	ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
 
 	for (i = 0; i < SSL_PKEY_NUM; i++) {
 		if (cert->pkeys[i].x509 != NULL) {
-- 
cgit v1.2.3-55-g6feb