On Tue, Aug 12, 2014 at 08:36:06PM +0200, Kurt Roeckx wrote:
> On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
> > The first chunk in the s3_lib.c patch doesn't apply. But the second
> > chunk does (shown below). When applying this to 1.0.1 stable, it
> > appears to resolve the problem.
> >
> > @@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
> > STACK_OF(SSL_CIPHER) *clnt,
> > emask_k = cert->export_mask_k;
> > emask_a = cert->export_mask_a;
> > #ifndef OPENSSL_NO_SRP
> > - mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
> > - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
> > + if (s->srp_ctx.srp_Mask & SSL_kSRP)
> > + {
> > + mask_k |= SSL_kSRP;
> > + emask_k |= SSL_kSRP;
> > + mask_a |= SSL_aSRP;
> > + emask_a |= SSL_aSRP;
> > + }
> > #endif
> >
> > #ifdef KSSL_DEBUG
>
> I assumed you were talking about the 1.0.1i release and not the
> current git. When the mentioned commit got merged into the 1.0.1
> branch the above part was somehow lost. It should get added to
> the 1.0.1 branch soon.
So this got fixed in commit
03ebf85f7757c5da9f9d4fecb8ea1a1af18df46d, closing the ticket.
Kurt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
