ncb.nidcnt = 0;
if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
return 0;
+ if (pext == NULL)
+ return 1;
return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
}
/* For an EC key set TLS id and required compression based on parameters */
EC_KEY *ec = s->cert->ecdh_tmp;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any curve: not just those peer supports */
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
return 1;
#endif
/* If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384,
tls1_set_shared_sigalgs(s);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
{
/* Use first set signature preference to force message
* digest, ignoring any peer preferences.
sig.sigalgcnt = 0;
if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
return 0;
+ if (c == NULL)
+ return 1;
return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
}
goto end;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any certificate to pass test */
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
{
rv = CERT_PKEY_STRICT_FLAGS|CERT_PKEY_EXPLICIT_SIGN|CERT_PKEY_VALID|CERT_PKEY_SIGN;
cpk->valid_flags = rv;
projects / openssl.git / blobdiff