From 633703babf8d9a88da85f23b800e1b88dec7cdbd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 May 2019 10:50:29 +1000 Subject: [PATCH] Conditionalize ECDH methods in CA algos. When building against an OpenSSL configured without ECC, don't include those algos in CASignatureAlgorithms. ok djm@ --- myproposal.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/myproposal.h b/myproposal.h index f16729876..9205fb343 100644 --- a/myproposal.h +++ b/myproposal.h @@ -136,9 +136,7 @@ /* Not a KEX value, but here so all the algorithm defaults are together */ #define SSH_ALLOWED_CA_SIGALGS \ - "ecdsa-sha2-nistp256," \ - "ecdsa-sha2-nistp384," \ - "ecdsa-sha2-nistp521," \ + KEX_ECDH_METHODS \ "ssh-ed25519," \ "rsa-sha2-512," \ "rsa-sha2-256," \