OpenSSL: Replace SSL_set1_curves_list() with SSL_set1_curves()

In practice, this does the same thing (i.e., allows only the P-384 curve
to be used), but using an older API function that happens to be
available in some BoringSSL builds while the newer one is not.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 316836784ae41f2cbc961a781a4e0137b769658c..7c53eb61c02e0546cebe49aa42a2c84c659105dc 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2483,6 +2483,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
                EC_KEY *ecdh;
                const char *ciphers =
                        "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
+               int nid[1] = { NID_secp384r1 };
 
                if (openssl_ciphers) {
                        wpa_printf(MSG_DEBUG,
@@ -2496,7 +2497,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
                        return -1;
                }
 
-               if (SSL_set1_curves_list(ssl, "P-384") != 1) {
+               if (SSL_set1_curves(ssl, nid, 1) != 1) {
                        wpa_printf(MSG_INFO,
                                   "OpenSSL: Failed to set Suite B curves");
                        return -1;