Argh, maybe this time...
--
viq
Index: t1_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.8
diff -u -d -r1.8 t1_lib.c
--- t1_lib.c 10 Feb 2011 22:40:27 -0000 1.8
+++ t1_lib.c 23 Sep 2011 19:38:13 -0000
@@ -1453,23 +1453,20 @@
int al = SSL_AD_UNRECOGNIZED_NAME;
#ifndef OPENSSL_NO_EC
- /* If we are client and using an elliptic curve cryptography cipher
suite,
then server
- * must return a an EC point formats lists containing uncompressed.
+ /* If we are client and using an elliptic curve cryptography cipher
+ * suite, then if server returns an EC point formats lists extension
+ * it must contain uncompressed.
*/
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if ((s->tlsext_ecpointformatlist != NULL) &&
(s->tlsext_ecpointformatlist_length > 0) &&
+ (s->session->tlsext_ecpointformatlist != NULL) &&
(s->session->tlsext_ecpointformatlist_length > 0) &&
((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a &
SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
int found_uncompressed = 0;
- if ((s->session->tlsext_ecpointformatlist == NULL) ||
(s->session->tlsext_ecpointformatlist_length == 0))
- {
-
SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIS
T);
- return -1;
- }
list = s->session->tlsext_ecpointformatlist;
for (i = 0; i < s->session->tlsext_ecpointformatlist_length;
i++)
{
[demime 1.01d removed an attachment of type application/pgp-signature]
