Fix SRP ciphersuites.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 12 Aug 2014 17:33:00 +0000 (18:33 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 12 Aug 2014 19:42:27 +0000 (20:42 +0100)
Add patch missed from backport of SRP ciphersuite fix.
PR#3490
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
ssl/s3_lib.c

index 4835bef..e17f126 100644 (file)
@@ -3822,10 +3822,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                emask_k = cert->export_mask_k;
                emask_a = cert->export_mask_a;
 #ifndef OPENSSL_NO_SRP
-               mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
-               emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+               if (s->srp_ctx.srp_Mask & SSL_kSRP)
+                       {
+                       mask_k |= SSL_kSRP;
+                       emask_k |= SSL_kSRP;
+                       mask_a |= SSL_aSRP;
+                       emask_a |= SSL_aSRP;
+                       }
 #endif
-                       
+
 #ifdef KSSL_DEBUG
 /*             printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
 #endif    /* KSSL_DEBUG */