Unrelated: fix warnings about NSS kex algorithms.

diff --git a/configure.ac b/configure.ac
index d4ddda1c354a882a878c3df58e1064227fba8a69..523552a767aec1dcfd4996dcaa9019b749b66b07 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -979,6 +979,23 @@ if test "x$enable_nss" = "xyes"; then
      [have_nss=no; AC_MSG_ERROR([You asked for NSS but I can't find it, $pkg_config_user_action, or set NSS_CFLAGS and NSS_LIBS.])])
   AC_SUBST(NSS_CFLAGS)
   AC_SUBST(NSS_LIBS)
+
+  save_CFLAGS="$CFLAGS"
+  save_LIBS="$LIBS"
+  LIBS="$LIBS $NSS_LIBS"
+  CFLAGS="$CFLAGS $NSS_CFLAGS"
+  AC_MSG_CHECKING([whether NSS defines ssl_kea_ecdh_hybrid(_psk)])
+  AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+    #include <sslt.h>
+    int v = (int) ssl_kea_ecdh_hybrid_psk;
+    int v2 = (int) ssl_kea_ecdh_hybrid;
+    ]], [[]])],
+    [ AC_MSG_RESULT([yes]);
+      AC_DEFINE(NSS_HAS_ECDH_HYBRID, 1, [whether nss defines ecdh_hybrid key exchange.])
+    ],
+    [ AC_MSG_RESULT([no]) ])
+  LIBS="$save_LIBS"
+  CPPFLAGS="$save_CPPFLAGS"
 fi
 
 dnl ------------------------------------------------------

diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 40e74117e0badd5e0e0241178cac4be9a8d5729f..d088d32e01c98b5d88ec97c87275587adc0f113a 100644 (file)
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -76,6 +76,11 @@ we_like_ssl_kea(SSLKEAType kt)
     case ssl_kea_ecdh_psk: return false;
     case ssl_kea_dh_psk: return false;
 
+#ifdef NSS_HAS_ECDH_HYBRID
+    case ssl_kea_ecdh_hybrid_psk: return false;
+    case ssl_kea_ecdh_hybrid: return true;
+#endif
+
     case ssl_kea_dh: return true;
     case ssl_kea_ecdh: return true;
     case ssl_kea_tls13_any: return true;