Add SSL::set_ecdh_auto()

This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.

3 files changed, 10 insertions, 0 deletions

diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 0e78b0ea..5a01318c 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -22,6 +22,7 @@ aes_ctr = []
 npn = []
 alpn = []
 rfc5114 = []
+ecdh_auto = []
 
 [dependencies]
 libc = "0.1"
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 3f5f7623..45d03ac8 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -675,6 +675,9 @@ extern "C" {
     pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
     #[link_name = "SSL_CTX_set_read_ahead_shim"]
     pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long;
+    #[cfg(feature = "ecdh_auto")]
+    #[link_name = "SSL_CTX_set_ecdh_auto_shim"]
+    pub fn SSL_CTX_set_ecdh_auto(ssl: *mut SSL_CTX, onoff: c_int) -> c_int;
     #[link_name = "SSL_set_tlsext_host_name_shim"]
     pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long;
     #[link_name = "SSL_CTX_set_tmp_dh_shim"]
diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c
index ce0ee692..7fabe06e 100644
--- a/openssl-sys/src/openssl_shim.c
+++ b/openssl-sys/src/openssl_shim.c
@@ -85,6 +85,12 @@ long SSL_CTX_set_tmp_dh_shim(SSL_CTX *ctx, DH *dh) {
     return SSL_CTX_set_tmp_dh(ctx, dh);
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x1000200L
+int SSL_CTX_set_ecdh_auto_shim(SSL_CTX *ctx, int onoff) {
+    return SSL_CTX_set_ecdh_auto(ctx, onoff);
+}
+#endif
+
 DH *DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
     DH *dh;