Fix SRP authentication ciphersuites.

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b4964f29e4bbd2d229599ca90ae5977c21fe9a01..d7722ed812ba3327d3a2135df23d72eea5711250 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -327,9 +327,9 @@ int ssl3_connect(SSL *s)
                                break;
                                }
 #endif
-                       /* Check if it is anon DH/ECDH */
+                       /* Check if it is anon DH/ECDH, SRP auth */
                        /* or PSK */
-                       if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+                       if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
                            !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_get_server_certificate(s);
@@ -1916,8 +1916,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
                }
        else
                {
-               /* aNULL or kPSK do not need public keys */
-               if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
+               /* aNULL, aSRP or kPSK do not need public keys */
+               if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK))
                        {
                        /* Might be wrong key type, check it */
                        if (ssl3_check_cert_and_algorithm(s))