Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.

[oweals/openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 2c9fb87f528d1b939106bb9290b70ba7fa38245c..7caabf38a4bea221c96a0cb94185fc3b48eb8bb7 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -262,7 +262,16 @@ int ssl3_connect(SSL *s)
                        ret=ssl3_get_server_hello(s);
                        if (ret <= 0) goto end;
                        if (s->hit)
+                               {
                                s->state=SSL3_ST_CR_FINISHED_A;
+#ifndef OPENSSL_NO_TLSEXT
+                               if (s->tlsext_ticket_expected)
+                                       {
+                                       /* receive renewed session ticket */
+                                       s->state=SSL3_ST_CR_SESSION_TICKET_A;
+                                       }
+#endif
+                               }
                        else
                                s->state=SSL3_ST_CR_CERT_A;
                        s->init_num=0;
@@ -884,7 +893,9 @@ int ssl3_get_server_hello(SSL *s)
        return(1);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#ifndef OPENSSL_NO_TLSEXT
 err:
+#endif
        return(-1);
        }