From 37bcef51b3d9d496caecea6394814d2f49a1357f Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Sat, 9 Nov 2013 18:39:25 +1100
Subject:  - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the
 presence of    NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test
 that the    latter actually works before using it.  Fedora (at least) has
 NID_secp521r1    that doesn't work (see
 https://bugzilla.redhat.com/show_bug.cgi?id=1021897).

---
 myproposal.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'myproposal.h')

diff --git a/myproposal.h b/myproposal.h
index 56f8c4a8..8da2ac91 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -29,6 +29,7 @@
 /* conditional algorithm support */
 
 #ifdef OPENSSL_HAS_ECC
+#ifdef OPENSSL_HAS_NISTP521
 # define KEX_ECDH_METHODS \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384," \
@@ -42,6 +43,17 @@
 	"ecdsa-sha2-nistp384," \
 	"ecdsa-sha2-nistp521,"
 #else
+# define KEX_ECDH_METHODS \
+	"ecdh-sha2-nistp256," \
+	"ecdh-sha2-nistp384,"
+# define HOSTKEY_ECDSA_CERT_METHODS \
+	"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+	"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+# define HOSTKEY_ECDSA_METHODS \
+	"ecdsa-sha2-nistp256," \
+	"ecdsa-sha2-nistp384,"
+#endif
+#else
 # define KEX_ECDH_METHODS
 # define HOSTKEY_ECDSA_CERT_METHODS
 # define HOSTKEY_ECDSA_METHODS
-- 
cgit v1.2.1