Error messages for client ECC cert verification.
Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index e84dbf5..0fb959e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -164,10 +164,6 @@
static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-#ifndef OPENSSL_NO_ECDH
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-#endif
-
static const SSL_METHOD *ssl3_get_client_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -2506,7 +2502,7 @@
#ifndef OPENSSL_NO_ECDH
if (idx == SSL_PKEY_ECC)
{
- if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+ if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
s->s3->tmp.new_cipher) == 0)
{ /* check failed */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
