From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 26 Dec 2012 14:56:40 +0000 (+0000)
Subject: set ciphers to NULL before calling cert_cb
X-Git-Tag: OpenSSL_1_0_2-beta1~512
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=35b7757f9b884528e7b4a5313e17a7a8c51f339e;p=openssl

set ciphers to NULL before calling cert_cb
(backport from HEAD)
---

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 5218edf083..dc20fab790 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1358,6 +1358,7 @@ int ssl3_get_client_hello(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
 			goto f_err;
 			}
+		ciphers=NULL;
 		/* Let cert callback update server certificates if required */
 		if (s->cert->cert_cb
 			&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
@@ -1366,7 +1367,6 @@ int ssl3_get_client_hello(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
 			goto f_err;
 			}
-		ciphers=NULL;
 		c=ssl3_choose_cipher(s,s->session->ciphers,
 				     SSL_get_ciphers(s));