On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
> The first chunk in the s3_lib.c patch doesn't apply. But the second
> chunk does (shown below). When applying this to 1.0.1 stable, it
> appears to resolve the problem.
>
> @@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
> STACK_OF(SSL_CIPHER) *clnt,
> emask_k = cert->export_mask_k;
> emask_a = cert->export_mask_a;
> #ifndef OPENSSL_NO_SRP
> - mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
> - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
> + if (s->srp_ctx.srp_Mask & SSL_kSRP)
> + {
> + mask_k |= SSL_kSRP;
> + emask_k |= SSL_kSRP;
> + mask_a |= SSL_aSRP;
> + emask_a |= SSL_aSRP;
> + }
> #endif
>
> #ifdef KSSL_DEBUG
I assumed you were talking about the 1.0.1i release and not the
current git. When the mentioned commit got merged into the 1.0.1
branch the above part was somehow lost. It should get added to
the 1.0.1 branch soon.
Kurt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
