* crypto/ui/ui_lib.c: misplaced brace in switch statement.

[oweals/openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8fa4ab02c367e35ad83cba16cbff17a59ae5f33b..fc723a00a9759a637f54dd0c71174f02870e97a0 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1722,12 +1722,23 @@ void ssl3_clear(SSL *s)
                }
 #ifndef OPENSSL_NO_DH
        if (s->s3->tmp.dh != NULL)
+               {
                DH_free(s->s3->tmp.dh);
+               s->s3->tmp.dh = NULL;
+               }
 #endif
 #ifndef OPENSSL_NO_ECDH
        if (s->s3->tmp.ecdh != NULL)
+               {
                EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL;
+               }
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+       s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
        rp = s->s3->rbuf.buf;
        wp = s->s3->wbuf.buf;
@@ -2392,6 +2403,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                j=sk_SSL_CIPHER_find(allow,c);
                if (j >= 0)
                        {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+                       if ((alg & SSL_kECDHE) && (alg & SSL_aECDSA) && s->s3->is_probably_safari)
+                               {
+                               if (!ret) ret=sk_SSL_CIPHER_value(allow,j);
+                               continue;
+                               }
+#endif
                        ret=sk_SSL_CIPHER_value(allow,j);
                        break;
                        }
@@ -2635,4 +2653,3 @@ need to go to SSL_ST_ACCEPT.
                }
        return(ret);
        }
-