Chromium Code Reviews

Unified Diff: webrtc/base/opensslidentity.cc

Issue 2534773002: Set OPENSSL_EC_NAMED_CURVE explicitly on EC key so that certificate has ASN1 OID and NIST curve inf… (Closed)
Patch Set: Fixes BUG=webrtc:6763 Set OPENSSL_EC_NAMED_CURVE explicitly on EC key so that curve name is include… Created 4 years ago
Index: webrtc/base/opensslidentity.cc
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index 58a0cd8adeb2b2f48b7851cc02493c7918108fca..0ebf20bd6b3ba829bc4d58612ed67560fa3d665b 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -61,6 +61,13 @@ static EVP_PKEY* MakeKey(const KeyParams& key_params) {
} else if (key_params.type() == KT_ECDSA) {
if (key_params.ec_curve() == EC_NIST_P256) {
EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+ // Ensure curve name is included when EC key is serialized.
+ // Without this call, OpenSSL versions before 1.1.0 will create
+ // certificates that don't work for TLS.
+ // This is a no-op for BoringSSL and OpenSSL 1.1.0+
+ EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+
if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EVP_PKEY_free(pkey);
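Review bot: The new EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE) call runs before ec_key is tested for null; the `!ec_key` check only happens in the if condition that follows it. If EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) fails, the flag setter is handed a null pointer instead of falling through to the existing cleanup path. Either guard the call with `if (ec_key)`, or check ec_key (and pkey) first and set the flag only after that, still ahead of EC_KEY_generate_key. Also, the comment says certificates "don't work for TLS" on OpenSSL before 1.1.0; it would help the next reader to state the actual cause given in the issue title (the certificate lacks the ASN1 OID / named curve information) so the reason for the call is clear without opening the bug.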