Make ssl_set_ecdh_curves() a compile-time option
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 1ed203c..8c95c42 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -814,6 +814,22 @@
#define POLARSSL_SSL_TRUNCATED_HMAC
/**
+ * \def POLARSSL_SSL_SET_ECDH_CURVES
+ *
+ * Enable ssl_set_ecdh_curves().
+ *
+ * This is disabled by default since it breaks binary compatibility with the
+ * 1.3.x line. If you choose to enable it, you will need to rebuild your
+ * application against the new header files, relinking will not be enough.
+ * It will be enabled by default, or no longer an option, in the 1.4 branch.
+ *
+ * TODO: actually disable it when done working on this branch ,)
+ *
+ * Uncomment to make ssl_set_ecdh_curves() available.
+ */
+#define POLARSSL_SSL_SET_ECDH_CURVES
+
+/**
* \def POLARSSL_THREADING_ALT
*
* Provide your own alternate threading implementation.
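Review bot: The added `#define POLARSSL_SSL_SET_ECDH_CURVES` is active, although the comment above it says the option is disabled by default and tells the reader to "Uncomment" it. As committed, a default build takes the ssl_context layout change made in ssl.h, and with it the 1.3.x binary-compatibility break the comment warns about. The TODO acknowledges this, but it is easy to lose before a release; I would commit the line as `//#define POLARSSL_SSL_SET_ECDH_CURVES` and enable it only in the branch's test configuration. The comment should also state the build requirement explicitly, e.g. ` * The library and every application using it must be compiled with the same setting of this option.`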
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 2b50304..2fdc01d 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -727,7 +727,8 @@
int disable_renegotiation; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
-#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
+ defined(POLARSSL_SSL_SET_ECDH_CURVES)
const ecp_group_id *ecdh_curve_list;/*!< allowed curves for ECDH */
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
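Review bot: Guarding `ecdh_curve_list` with the new option makes the size of ssl_context, and the offsets of any members declared after it, depend on POLARSSL_SSL_SET_ECDH_CURVES. Nothing in this hunk catches an application compiled with a different setting than the library. In that case the two sides would access the later fields at different offsets, which shows up as memory corruption rather than as a link error. A comment on the field would help, for example `/* present only with POLARSSL_SSL_SET_ECDH_CURVES; changes the ssl_context layout */`; whether a consistency check exists elsewhere cannot be seen from here. The struct definition starts and ends outside the hunk.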
@@ -1158,9 +1159,11 @@
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif
-#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
+ defined(POLARSSL_SSL_SET_ECDH_CURVES)
/**
* \brief Set the allowed ECDH curves.
+ * (Default: all defined curves.)
*
* The sequence of the curves in the list also determines the
* handshake curve preference.
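Review bot: The added line `(Default: all defined curves.)` does not say what applies when POLARSSL_SSL_SET_ECDH_CURVES is not defined, which is the state config.h describes as the default. The prototype then disappears, so callers need their own `#if defined(POLARSSL_SSL_SET_ECDH_CURVES)` guard, and the allowed curve set can presumably only be narrowed by disabling curves at compile time. I would add to the doc comment ` * \note Only available if POLARSSL_SSL_SET_ECDH_CURVES is defined; otherwise every curve compiled into the library is allowed.`, adjusted to whatever the implementation, not visible here, actually does. The doc comment and the prototype continue in the next hunk.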
@@ -1168,7 +1171,8 @@
* \param ssl SSL context
* \param ecdh_curve_list Zero terminated list of the allowed ECDH curves
*/
-void ssl_set_ecdh_curves( ssl_context *ssl, const ecp_group_id *ecdh_curve_list );
+void ssl_set_ecdh_curves( ssl_context *ssl,
+ const ecp_group_id *ecdh_curve_list );
#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)