On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote: > The first chunk in the s3_lib.c patch doesn't apply. But the second > chunk does (shown below). When applying this to 1.0.1 stable, it > appears to resolve the problem. > > @@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, > STACK_OF(SSL_CIPHER) *clnt, > emask_k = cert->export_mask_k; > emask_a = cert->export_mask_a; > #ifndef OPENSSL_NO_SRP > - mask_k=cert->mask_k | s->srp_ctx.srp_Mask; > - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; > + if (s->srp_ctx.srp_Mask & SSL_kSRP) > + { > + mask_k |= SSL_kSRP; > + emask_k |= SSL_kSRP; > + mask_a |= SSL_aSRP; > + emask_a |= SSL_aSRP; > + } > #endif > > #ifdef KSSL_DEBUG
I assumed you were talking about the 1.0.1i release and not the current git. When the mentioned commit got merged into the 1.0.1 branch the above part was somehow lost. It should get added to the 1.0.1 branch soon. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org