Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the
original variable has to be used instead of the already masked variable.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b7bcf86..1dd03b1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -771,11 +771,11 @@
emask=cert->export_mask;
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
- if (SSL_IS_EXPORT(alg))
+ if (SSL_IS_EXPORT(c->algorithms))
{
ok=((alg & emask) == alg)?1:0;
#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+ printf("%d:[%08lX:%08lX]%s (export)\n",ok,alg,mask,c->name);
#endif
}
else
