Enforce our choice of allowed curves.

commit: ab24010b543abb65f0c73e24ee68615e6f24bd05 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Feb 04 16:18:07 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Feb 06 10:28:38 2014 +0100
tree: 5d248a87d39151d50ccffd380c719baa317aa51e
parent: 7f38ed0bfa18ea236d2cf21e502ab1a2ad5af3d5 [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index f4084e8..d610052 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -1168,7 +1168,10 @@
  *                 list of available certificates instead.
  *
  *                 On client: this affects the list of curves offered for any
- *                 use. The server can override our preferences.
+ *                 use. The server can override our preference order.
+ *
+ *                 Both sides: limits the set of curves used by peer to the
+ *                 listed curves for any use (ECDH(E), certificates).
  *
  * \param ssl      SSL context
  * \param curves   Ordered list of allowed curves,
@@ -1589,6 +1592,10 @@
 
 md_type_t ssl_md_alg_from_hash( unsigned char hash );
 
+#if defined(POLARSSL_SSL_SET_CURVES)
+int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id );
+#endif
+
 #if defined(POLARSSL_X509_CRT_PARSE_C)
 static inline pk_context *ssl_own_key( ssl_context *ssl )
 {
commit	ab24010b543abb65f0c73e24ee68615e6f24bd05	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Feb 04 16:18:07 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Feb 06 10:28:38 2014 +0100
tree	5d248a87d39151d50ccffd380c719baa317aa51e
parent	7f38ed0bfa18ea236d2cf21e502ab1a2ad5af3d5 [diff] [blame]