From 03ebf85f7757c5da9f9d4fecb8ea1a1af18df46d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 12 Aug 2014 18:33:00 +0100
Subject: [PATCH] Fix SRP ciphersuites.

Add patch missed from backport of SRP ciphersuite fix.
PR#3490
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
---
 ssl/s3_lib.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4835bef1a7..e17f1267d5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3822,10 +3822,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		emask_k = cert->export_mask_k;
 		emask_a = cert->export_mask_a;
 #ifndef OPENSSL_NO_SRP
-		mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
-		emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+		if (s->srp_ctx.srp_Mask & SSL_kSRP)
+			{
+			mask_k |= SSL_kSRP;
+			emask_k |= SSL_kSRP;
+			mask_a |= SSL_aSRP;
+			emask_a |= SSL_aSRP;
+			}
 #endif
-			
+
 #ifdef KSSL_DEBUG
 /*		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
 #endif    /* KSSL_DEBUG */
-- 
2.34.1