tlsext_ecpointformatlist_length is unsigned, so check if it's less

than zero will only result in pissing of some compilers...

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index cdcc0598c2273a9d12df37ddc2af45691bd5ce3b..a46e573ff692d45cc2cb8a28b55c0bd47c0c0ff9 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -632,7 +632,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
                size_t i;
                unsigned char *list;
                int found_uncompressed = 0;
-               if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length <= 0))
+               if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
                        {
                        SSLerr(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
                        return -1;