Fix bug with ssl_set_curves() check on client

2024-10-18 12:21:04 +00:00 · 2015-04-03 17:26:50 +02:00 · 2015-04-03 17:26:50 +02:00 · 29f777ef54
parent 32a7fe3fec
commit 29f777ef54
2 changed files with 3 additions and 1 deletions
--- a/2
+++ b/2
@ -39,6 +39,8 @@ Bugfix
   * Add missing extern "C" guard in aesni.h (reported by amir zamani).
   * Add missing dependency on SHA-256 in some x509 programs (reported by
     Gergely Budai).
+   * Fix bug related to ssl_set_curves(): the client didn't check that the
+     curve picked by the server was actually allowed.

 Changes
   * Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1479,7 +1479,7 @@ static int ssl_check_server_ecdh_params( const ssl_context *ssl )

    SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );

-#if defined(POLARSSL_SSL_ECP_SET_CURVES)
+#if defined(POLARSSL_SSL_SET_CURVES)
    if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
 #else
    if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||