From 177816d2b80ba9bdedc075ec3d4dc1fb9fd823ab Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 18 Nov 2025 11:34:28 +0100 Subject: [PATCH] BUG/MINOR: acme: P-256 doesn't work with openssl >= 3.0 When trying to use the P-256 curve in the acme configuration with OpenSSL 3.x, the generation of the account was failing because OpenSSL doesn't return a NIST or SECG curve name, but a ANSI X9.62 one. Since the ANSI X9.62 curve names were not in the list, it couldn't match anything supported. This patch fixes the issue by adding both prime192v1 and prime256v1 name in the struct curve array which is used during curve parsing. Must be backported to 3.2. --- src/ssl_utils.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl_utils.c b/src/ssl_utils.c index 01cac2771..eadcec24b 100644 --- a/src/ssl_utils.c +++ b/src/ssl_utils.c @@ -953,10 +953,12 @@ static struct curve { V( 17, NID_secp160r2, "secp160r2", NULL ), V( 18, NID_secp192k1, "secp192k1", NULL ), V( 19, NID_X9_62_prime192v1, "secp192r1", "P-192" ), + V( 19, NID_X9_62_prime192v1, "prime192v1", "P-192" ), V( 20, NID_secp224k1, "secp224k1", NULL ), V( 21, NID_secp224r1, "secp224r1", "P-224" ), V( 22, NID_secp256k1, "secp256k1", NULL ), V( 23, NID_X9_62_prime256v1, "secp256r1", "P-256" ), + V( 23, NID_X9_62_prime256v1, "prime256v1", "P-256" ), V( 24, NID_secp384r1, "secp384r1", "P-384" ), V( 25, NID_secp521r1, "secp521r1", "P-521" ), V( 26, NID_brainpoolP256r1, "brainpoolP256r1", NULL ),