X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=fc723a00a9759a637f54dd0c71174f02870e97a0;hb=0b8cd5acd6616888a3cde85d6127c93894dfe797;hp=8fa4ab02c367e35ad83cba16cbff17a59ae5f33b;hpb=0d399f97dd227989c657ad080e9ad829f113ce2a;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8fa4ab02c3..fc723a00a9 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1722,12 +1722,23 @@ void ssl3_clear(SSL *s)
 		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
+		{
 		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh = NULL;
+		}
 #endif
 #ifndef OPENSSL_NO_ECDH
 	if (s->s3->tmp.ecdh != NULL)
+		{
 		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL;
+		}
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+	s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
 	rp = s->s3->rbuf.buf;
 	wp = s->s3->wbuf.buf;
@@ -2392,6 +2403,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		j=sk_SSL_CIPHER_find(allow,c);
 		if (j >= 0)
 			{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+			if ((alg & SSL_kECDHE) && (alg & SSL_aECDSA) && s->s3->is_probably_safari)
+				{
+				if (!ret) ret=sk_SSL_CIPHER_value(allow,j);
+				continue;
+				}
+#endif
 			ret=sk_SSL_CIPHER_value(allow,j);
 			break;
 			}
@@ -2635,4 +2653,3 @@ need to go to SSL_ST_ACCEPT.
 		}
 	return(ret);
 	}
-