OpenSearch/libs/ssl-config/src
Ioannis Kakavas 0f51934bcf
[7.x] Add support for more named curves (#55179) (#55211)
We implicitly only supported the prime256v1 ( aka secp256r1 )
curve for the EC keys we read as PEM files to be used in any
SSL Context. We would not fail when trying to read a key
pair using a different curve but we would silently assume
that it was using `secp256r1` which would lead to strange
TLS handshake issues if the curve was actually another one.

This commit fixes that behavior in that it
supports parsing EC keys that use any of the named curves
defined in rfc5915 and rfc5480 making no assumptions about
whether the security provider in use supports them (JDK8 and
higher support all the curves defined in rfc5480).
2020-04-15 12:33:40 +03:00
..
main/java/org/elasticsearch/common/ssl [7.x] Add support for more named curves (#55179) (#55211) 2020-04-15 12:33:40 +03:00
test [7.x] Add support for more named curves (#55179) (#55211) 2020-04-15 12:33:40 +03:00