1 files changed, 39 insertions, 6 deletions

diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index 92e726bc01..0a687082b7 100644
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -2,6 +2,7 @@
 **
 ** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
 ** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
+** Copyright (C) 2014 Governikus GmbH & Co. KG.
 ** Contact: http://www.qt-project.org/legal
 **
 ** This file is part of the QtNetwork module of the Qt Toolkit.
@@ -200,7 +201,7 @@ init_context:
 
     // Initialize ciphers
     QByteArray cipherString;
-    int first = true;
+    bool first = true;
     QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers();
     if (ciphers.isEmpty())
         ciphers = QSslSocketPrivate::defaultCiphers();
@@ -321,13 +322,45 @@ init_context:
     q_DH_free(dh);
 
 #ifndef OPENSSL_NO_EC
-    // Set temp ECDH params
-    EC_KEY *ecdh = 0;
-    ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-    q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh);
-    q_EC_KEY_free(ecdh);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+    if (q_SSLeay() >= 0x10002000L) {
+        q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
+    } else
+#endif
+    {
+        // Set temp ECDH params
+        EC_KEY *ecdh = 0;
+        ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+        q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh);
+        q_EC_KEY_free(ecdh);
+    }
 #endif // OPENSSL_NO_EC
 
+    const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
+    if (!qcurves.isEmpty()) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+        // Set the curves to be used
+        if (q_SSLeay() >= 0x10002000L) {
+            // SSL_CTX_ctrl wants a non-const pointer as last argument,
+            // but let's avoid a copy into a temporary array
+            if (!q_SSL_CTX_ctrl(sslContext->ctx,
+                                SSL_CTRL_SET_CURVES,
+                                qcurves.size(),
+                                const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
+                sslContext->errorStr = QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+                sslContext->errorCode = QSslError::UnspecifiedError;
+                return sslContext;
+            }
+        } else
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+        {
+            // specific curves requested, but not possible to set -> error
+            sslContext->errorStr = QSslSocket::tr("Error when setting the elliptic curves (OpenSSL version too old, need at least v1.0.2)");
+            sslContext->errorCode = QSslError::UnspecifiedError;
+            return sslContext;
+        }
+    }
+
     return sslContext;
 }