Fix bug with ssl_set_curves() check on client

commit: 07ec1ddd1044052c01b6c579b1b65aee80e0c97a [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Apr 03 17:26:50 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Apr 03 18:17:37 2015 +0200
tree: e269c0b2157dab9b023e9be17654376499805f7d
parent: a5cc2aa769b7403aad61bddacdd3330c4d5a93bf [diff]
diff --git a/ChangeLog b/ChangeLog
index 4958da8..f322a75 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -99,6 +99,8 @@
    * Add missing extern "C" guard in aesni.h (reported by amir zamani).
    * Add missing dependency on SHA-256 in some x509 programs (reported by
      Gergely Budai).
+   * Fix bug related to ssl_set_curves(): the client didn't check that the
+     curve picked by the server was actually allowed.
 
 Changes
    * Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index beb8536..05bfca7 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -1673,7 +1673,7 @@
 
     SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
 
-#if defined(POLARSSL_SSL_ECP_SET_CURVES)
+#if defined(POLARSSL_SSL_SET_CURVES)
     if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
 #else
     if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
commit	07ec1ddd1044052c01b6c579b1b65aee80e0c97a	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Apr 03 17:26:50 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Apr 03 18:17:37 2015 +0200
tree	e269c0b2157dab9b023e9be17654376499805f7d
parent	a5cc2aa769b7403aad61bddacdd3330c4d5a93bf [diff]