From 2df619b06ca0026e40e8689020b0e54ed7165583 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 4 Sep 2015 00:20:34 +0100 Subject: [PATCH] Match SUITEB strings at start of cipher list. PR#4009. Reviewed-by: Rich Salz (cherry picked from commit 13e228d6845aff7e454eea7c9ddd392ebfbd2868) Conflicts: ssl/ssl_ciph.c --- ssl/ssl_ciph.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2cc9a4a21f..a53f25bba7 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1404,15 +1404,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (!strcmp(*prule_str, "SUITEB128")) - suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (!strcmp(*prule_str, "SUITEB128ONLY")) + if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (!strcmp(*prule_str, "SUITEB128C2")) { + } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (!strcmp(*prule_str, "SUITEB192")) + } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { + suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; + } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; + } if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS; -- 2.25.1