From 050ce4ca427e76e7b90db9de2f0c50fbfb4a856f Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 20 Jul 2012 15:21:23 +0000
Subject: [PATCH] set ciphers to NULL before calling cert_cb

---
 ssl/s3_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6cb405df4a..28f3bdd6e9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1357,6 +1357,7 @@ int ssl3_get_client_hello(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
 			goto f_err;
 			}
+		ciphers=NULL;
 		/* Let cert callback update server certificates if required */
 		if (s->cert->cert_cb
 			&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
@@ -1365,7 +1366,6 @@ int ssl3_get_client_hello(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
 			goto f_err;
 			}
-		ciphers=NULL;
 		c=ssl3_choose_cipher(s,s->session->ciphers,
 				     SSL_get_ciphers(s));
 
-- 
2.40.0