From: raja-ashok Date: Thu, 30 May 2019 18:21:18 +0000 (+0530) Subject: Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list X-Git-Tag: openssl-3.0.0-alpha1~1610 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=52b1fda30201655193f8034ad2ee36edbfaea50e;p=oweals%2Fopenssl.git Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9079) --- diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 6cb8b33b5b..e427c407fc 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1380,24 +1380,25 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) { int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); - if (ret && ctx->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ + if (ret && ctx->cipher_list != NULL) return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id, ctx->tls13_ciphersuites); - } return ret; } int SSL_set_ciphersuites(SSL *s, const char *str) { + STACK_OF(SSL_CIPHER) *cipher_list; int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); - if (ret && s->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ + if (s->cipher_list == NULL) { + if ((cipher_list = SSL_get_ciphers(s)) != NULL) + s->cipher_list = sk_SSL_CIPHER_dup(cipher_list); + } + if (ret && s->cipher_list != NULL) return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id, s->tls13_ciphersuites); - } return ret; }