X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=c53eadfe302a1b82f06c21a77bd651a96d99c203;hb=ddd13d677b0fc62c34d246b3d060c9cb5de04d82;hp=31b3bd75c7d1fd321b9f6925822fc8fcfa0048a8;hpb=e5db9c3b67deb80e274f66e3832a9cfba931670c;p=openssl.git

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 31b3bd75c7..c53eadfe30 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -525,6 +525,8 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
 	ncb.nidcnt = 0;
 	if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
 		return 0;
+	if (pext == NULL)
+		return 1;
 	return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
 	}
 /* For an EC key set TLS id and required compression based on parameters */
@@ -688,7 +690,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 	EC_KEY *ec = s->cert->ecdh_tmp;
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
 	/* Allow any curve: not just those peer supports */
-	if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+	if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
 		return 1;
 #endif
 	/* If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384,
@@ -3434,7 +3436,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 	tls1_set_shared_sigalgs(s);
 
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-	if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+	if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
 		{
 		/* Use first set signature preference to force message
 		 * digest, ignoring any peer preferences.
@@ -3754,6 +3756,8 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
 	sig.sigalgcnt = 0;
 	if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
 		return 0;
+	if (c == NULL)
+		return 1;
 	return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
 	}
 
@@ -3874,7 +3878,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 			goto end;
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
 		/* Allow any certificate to pass test */
-		if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+		if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
 			{
 			rv = CERT_PKEY_STRICT_FLAGS|CERT_PKEY_EXPLICIT_SIGN|CERT_PKEY_VALID|CERT_PKEY_SIGN;
 			cpk->valid_flags = rv;