From c32a559743d0b261663c489a56d6b651dc3011ff Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Thu, 4 Apr 2013 21:53:07 +0200
Subject: [PATCH] Fixed tls-cipher translation bug in openssl-build

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
 src/openvpn/ssl_openssl.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 1006617..79cc056 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -217,8 +217,9 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
   ASSERT(NULL != ctx);
 
   // Translate IANA cipher suite names to OpenSSL names
-  for (begin_of_cipher = 0; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher+1) {
-      end_of_cipher = strcspn(&ciphers[begin_of_cipher], ":");
+  begin_of_cipher = end_of_cipher = 0;
+  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher) {
+      end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
       cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
 
       if (NULL == cipher_pair)
@@ -257,6 +258,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
       openssl_ciphers_len += current_cipher_len;
       openssl_ciphers[openssl_ciphers_len] = ':';
       openssl_ciphers_len++;
+
+      end_of_cipher++;
   }
 
   if (openssl_ciphers_len > 0)
-- 
1.7.9.5