Thank you.
On 08/13/2014 01:39 PM, Kurt Roeckx via RT wrote:
> On Tue, Aug 12, 2014 at 08:36:06PM +0200, Kurt Roeckx wrote:
>> On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
>>> The first chunk in the s3_lib.c patch doesn't apply. But the second
>>> chunk does (shown below). When applying this to 1.0.1 stable, it
>>> appears to resolve the problem.
>>>
>>> @@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
>>> STACK_OF(SSL_CIPHER) *clnt,
>>> emask_k = cert->export_mask_k;
>>> emask_a = cert->export_mask_a;
>>> #ifndef OPENSSL_NO_SRP
>>> - mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
>>> - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
>>> + if (s->srp_ctx.srp_Mask & SSL_kSRP)
>>> + {
>>> + mask_k |= SSL_kSRP;
>>> + emask_k |= SSL_kSRP;
>>> + mask_a |= SSL_aSRP;
>>> + emask_a |= SSL_aSRP;
>>> + }
>>> #endif
>>>
>>> #ifdef KSSL_DEBUG
>> I assumed you were talking about the 1.0.1i release and not the
>> current git. When the mentioned commit got merged into the 1.0.1
>> branch the above part was somehow lost. It should get added to
>> the 1.0.1 branch soon.
> So this got fixed in commit
> 03ebf85f7757c5da9f9d4fecb8ea1a1af18df46d, closing the ticket.
>
>
> Kurt
>
>
> .
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
