Fix bug with ssl_set_curves() check on client

This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-03 17:26:50 +02:00
parent a5cc2aa769
commit 07ec1ddd10
2 changed files with 3 additions and 1 deletions

View file

@ -99,6 +99,8 @@ Bugfix
* Add missing extern "C" guard in aesni.h (reported by amir zamani). * Add missing extern "C" guard in aesni.h (reported by amir zamani).
* Add missing dependency on SHA-256 in some x509 programs (reported by * Add missing dependency on SHA-256 in some x509 programs (reported by
Gergely Budai). Gergely Budai).
* Fix bug related to ssl_set_curves(): the client didn't check that the
curve picked by the server was actually allowed.
Changes Changes
* Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now * Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now

View file

@ -1673,7 +1673,7 @@ static int ssl_check_server_ecdh_params( const ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
#if defined(POLARSSL_SSL_ECP_SET_CURVES) #if defined(POLARSSL_SSL_SET_CURVES)
if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) ) if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
#else #else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||