projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Tweak the check that a ciphersuite has not changed since the HRR
[openssl.git]
/
ssl
/
statem
/
statem_srvr.c
diff --git
a/ssl/statem/statem_srvr.c
b/ssl/statem/statem_srvr.c
index 0f55d2652d3e21925001419cbfe69128d39adff8..6f578168101e3d98f486fbe44daa10cad577b412 100644
(file)
--- a/
ssl/statem/statem_srvr.c
+++ b/
ssl/statem/statem_srvr.c
@@
-1615,8
+1615,9
@@
static int tls_early_post_process_client_hello(SSL *s, int *pal)
al = SSL_AD_HANDSHAKE_FAILURE;
goto err;
}
al = SSL_AD_HANDSHAKE_FAILURE;
goto err;
}
- if (s->hello_retry_request && s->s3->tmp.new_cipher != NULL
- && s->s3->tmp.new_cipher->id != cipher->id) {
+ if (s->hello_retry_request
+ && (s->s3->tmp.new_cipher == NULL
+ || s->s3->tmp.new_cipher->id != cipher->id)) {
/*
* A previous HRR picked a different ciphersuite to the one we
* just selected. Something must have changed.
/*
* A previous HRR picked a different ciphersuite to the one we
* just selected. Something must have changed.