set ciphers to NULL before calling cert_cb
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6cb405d..28f3bdd 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -1357,6 +1357,7 @@ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); goto f_err; } + ciphers=NULL; /* Let cert callback update server certificates if required */ if (s->cert->cert_cb && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0) @@ -1365,7 +1366,6 @@ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR); goto f_err; } - ciphers=NULL; c=ssl3_choose_cipher(s,s->session->ciphers, SSL_get_ciphers(s));