new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some opera...

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a64e5d0e85371b54c95bb33624c7c483a50f8fff..d529b8541f65d5908b34ea310ba2212a2d179a0f 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1169,6 +1169,20 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
        {
        long l;
+       /* For some cases with ctx == NULL perform syntax checks */
+       if (ctx == NULL)
+               {
+               switch (cmd)
+                       {
+               case SSL_CTRL_SET_CURVES_LIST:
+                       return tls1_set_curves_list(NULL, NULL, parg);
+               case SSL_CTRL_SET_SIGALGS_LIST:
+               case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+                       return tls1_set_sigalgs_list(NULL, parg, 0);
+               default:
+                       return 0;
+                       }
+               }
 
        switch (cmd)
                {

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 31b3bd75c7d1fd321b9f6925822fc8fcfa0048a8..952e9ebe306f75d52f4187477ac7728b34a4d438 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -525,6 +525,8 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
        ncb.nidcnt = 0;
        if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
                return 0;
+       if (pext == NULL)
+               return 1;
        return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
        }
 /* For an EC key set TLS id and required compression based on parameters */
@@ -3754,6 +3756,8 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
        sig.sigalgcnt = 0;
        if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
                return 0;
+       if (c == NULL)
+               return 1;
        return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
        }