From a893c56959251aaf4f20ff2a38cbc8f3fb4b4215 Mon Sep 17 00:00:00 2001
From: 10450300
Date: Tue, 20 Feb 2018 11:09:58 +0100
Subject: [PATCH] bpo-32882: Added support for selecting X25519 in SSLContext.set_ecdh_curve().

---
 Lib/test/test_ssl.py | 4 +++
 Misc/ACKS | 1 +
 .../2018-02-20-11-07-41.bpo-32882.ka7Gf4.rst | 1 +
 Modules/_ssl.c | 26 +++++++------------
 4 files changed, 16 insertions(+), 16 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2018-02-20-11-07-41.bpo-32882.ka7Gf4.rst

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index a253f51d2a440a..22346a69b395e5 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1239,6 +1239,10 @@ def test_set_ecdh_curve(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
         ctx.set_ecdh_curve("prime256v1")
         ctx.set_ecdh_curve(b"prime256v1")
+        ctx.set_ecdh_curve("X25519")
+        ctx.set_ecdh_curve(b"X25519")
+        ctx.set_ecdh_curve("X25519:prime256v1")
+        ctx.set_ecdh_curve(b"X25519:prime256v1")
         self.assertRaises(TypeError, ctx.set_ecdh_curve)
         self.assertRaises(TypeError, ctx.set_ecdh_curve, None)
         self.assertRaises(ValueError, ctx.set_ecdh_curve, "foo")
diff --git a/Misc/ACKS b/Misc/ACKS
index ea1d9418870aa9..da244aae43f694 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1362,6 +1362,7 @@ Craig Rowland
 Clinton Roy
 Paul Rubin
 Sam Ruby
+Stefan RĂ¼ster
 Demur Rumed
 Audun S. Runde
 Eran Rundstein
diff --git a/Misc/NEWS.d/next/Library/2018-02-20-11-07-41.bpo-32882.ka7Gf4.rst b/Misc/NEWS.d/next/Library/2018-02-20-11-07-41.bpo-32882.ka7Gf4.rst
new file mode 100644
index 00000000000000..0d7f4b1f3de2a3
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-02-20-11-07-41.bpo-32882.ka7Gf4.rst
@@ -0,0 +1 @@
+Added support for selecting X25519 in SSLContext.set_ecdh_curve().
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 7545e91babdb3f..173420eecf49ef 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
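Review bot: The four added `ctx.set_ecdh_curve("X25519"…)` calls assume the linked OpenSSL recognises X25519 as a group name, which builds older than 1.1.0 do not, so on such a build (if still in the supported range) this test fails with ValueError instead of skipping; guard the new calls with `if ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):` or skip the method via `unittest.skipUnless` on that condition (its `def` line is outside the hunk). The new colon-separated list form also has no negative case: `self.assertRaises(ValueError, ctx.set_ecdh_curve, "X25519:foo")` would pin that a list containing an unknown member is rejected, which the existing `"foo"` assertion does not cover. The ACKS and NEWS hunks on this line are trivial.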
@@ -3936,27 +3936,21 @@ _ssl__SSLContext_set_ecdh_curve(PySSLContext *self, PyObject *name)
 /*[clinic end generated code: output=23022c196e40d7d2 input=c2bafb6f6e34726b]*/
 {
     PyObject *name_bytes;
-    int nid;
-    EC_KEY *key;
 
     if (!PyUnicode_FSConverter(name, &name_bytes))
         return NULL;
     assert(PyBytes_Check(name_bytes));
-    nid = OBJ_sn2nid(PyBytes_AS_STRING(name_bytes));
-    Py_DECREF(name_bytes);
-    if (nid == 0) {
-        PyErr_Format(PyExc_ValueError,
-                     "unknown elliptic curve name %R", name);
-        return NULL;
-    }
-    key = EC_KEY_new_by_curve_name(nid);
-    if (key == NULL) {
-        _setSSLError(NULL, 0, __FILE__, __LINE__);
-        return NULL;
+
+    if(SSL_CTX_set1_curves_list(self->ctx, PyBytes_AS_STRING(name_bytes)))
+    {
+        Py_DECREF(name_bytes);
+        Py_RETURN_NONE;
     }
-    SSL_CTX_set_tmp_ecdh(self->ctx, key);
-    EC_KEY_free(key);
-    Py_RETURN_NONE;
+
+    Py_DECREF(name_bytes);
+    PyErr_Format(PyExc_ValueError,
+                 "invalid elliptic curves list %R", name);
+    return NULL;
 }
 #endif
 
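Review bot: The success and failure paths each repeat `Py_DECREF(name_bytes)`, and the new `if(` without a space with the brace on its own line departs from the PEP 7 layout used by the surrounding code; capturing the result lets the DECREF happen once: `int ok = SSL_CTX_set1_curves_list(self->ctx, PyBytes_AS_STRING(name_bytes));` / `Py_DECREF(name_bytes);` / `if (ok) Py_RETURN_NONE;`. The diffstat shows no change under Doc/, yet the function now accepts a colon-separated curve list and reports unknown names as "invalid elliptic curves list" rather than "unknown elliptic curve name", so the ssl.rst entry and the clinic docstring for set_ecdh_curve (both outside this hunk) should describe the list form and the new error. The removed code drained the OpenSSL error queue through `_setSSLError` on failure, while the new path only raises ValueError; if `SSL_CTX_set1_curves_list` pushes an error for a malformed list, that stale entry could be attributed to a later operation, so an `ERR_clear_error()` before the `PyErr_Format` (or routing the failure through `_setSSLError`) would be safer. Replacing `SSL_CTX_set_tmp_ecdh` with the supported-groups list also means the server-side curve choice now depends on ECDH auto-selection being enabled on the context, which this hunk does not show and is worth confirming at context creation. The function's signature is the `@@` context line, so its start lies just outside the hunk.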