Set OPENSSL_EC_NAMED_CURVE explicitly on EC key so that certificate has ASN1 OID and NIST curve info. Without this openSSL handshake negotiation fails throwing NO_SHARED_CIPHER error. the change made is along the lines of openssl behavior documented here: https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#ECDH_and_Named_Curves

tested with openssl 1.0.2j

BUG=webrtc:6763

Review-Url: https://codereview.webrtc.org/2534773002
Cr-Commit-Position: refs/heads/master@{#15536}

AUTHORS

@@ -31,6 +31,7 @@ Ralph Giles <giles@ghostscript.com>
 Riku Voipio <riku.voipio@linaro.org>
 Robert Nagy <robert.nagy@gmail.com>
 Ryan Yoakum <ryoakum@skobalt.com>
+Satender Saroha <ssaroha@yahoo.com>
 Sarah Thompson <sarah@telergy.com>
 Saul Kravitz <Saul.Kravitz@celera.com>
 Silviu Caragea <silviu.cpp@gmail.com>

webrtc/base/opensslidentity.cc

@@ -61,6 +61,13 @@ static EVP_PKEY* MakeKey(const KeyParams& key_params) {
   } else if (key_params.type() == KT_ECDSA) {
     if (key_params.ec_curve() == EC_NIST_P256) {
       EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+      // Ensure curve name is included when EC key is serialized.
+      // Without this call, OpenSSL versions before 1.1.0 will create
+      // certificates that don't work for TLS.
+      // This is a no-op for BoringSSL and OpenSSL 1.1.0+
+      EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+
       if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
           !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
         EVP_PKEY_free(pkey);

webrtc/base/opensslstreamadapter.cc

@@ -20,6 +20,7 @@
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_IS_BORINGSSL
 #include <openssl/dtls1.h>
+#include <openssl/ssl.h>
 #endif
 
 #include <memory>