1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index e9f14dc610..d6b7de1efd 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.161 2024/06/25 14:10:45 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.162 2024/07/19 08:54:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1078,13 +1078,13 @@ ssl3_get_client_hello(SSL *s)
                s->hit = 1;
                s->session->verify_result = X509_V_OK;
-                sk_SSL_CIPHER_free(s->session->ciphers);
+                sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-                s->session->ciphers = ciphers;
+                s->s3->hs.client_ciphers = ciphers;
                ciphers = NULL;
                /* Check if some cipher was preferred by the callback. */
                if (pref_cipher == NULL)
-                        pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+                        pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
                            SSL_get_ciphers(s));
                if (pref_cipher == NULL) {
                        al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1094,7 +1094,7 @@ ssl3_get_client_hello(SSL *s)
                s->session->cipher = pref_cipher;
                sk_SSL_CIPHER_free(s->cipher_list);
-                s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+                s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers);
        }
        /*
@@ -1108,11 +1108,11 @@ ssl3_get_client_hello(SSL *s)
                        SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
                        goto fatal_err;
                }
-                sk_SSL_CIPHER_free(s->session->ciphers);
+                sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-                s->session->ciphers = ciphers;
+                s->s3->hs.client_ciphers = ciphers;
                ciphers = NULL;
-                if ((c = ssl3_choose_cipher(s, s->session->ciphers,
+                if ((c = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
                    SSL_get_ciphers(s))) == NULL) {
                        al = SSL_AD_HANDSHAKE_FAILURE;
                        SSLerror(s, SSL_R_NO_SHARED_CIPHER);

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index e9f14dc610..d6b7de1efd 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.161 2024/06/25 14:10:45 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.162 2024/07/19 08:54:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1078,13 +1078,13 @@ ssl3_get_client_hello(SSL *s)
1078	s->hit = 1;	1078	s->hit = 1;
1079	s->session->verify_result = X509_V_OK;	1079	s->session->verify_result = X509_V_OK;
1080		1080
1081	sk_SSL_CIPHER_free(s->session->ciphers);	1081	sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
1082	s->session->ciphers = ciphers;	1082	s->s3->hs.client_ciphers = ciphers;
1083	ciphers = NULL;	1083	ciphers = NULL;
1084		1084
1085	/* Check if some cipher was preferred by the callback. */	1085	/* Check if some cipher was preferred by the callback. */
1086	if (pref_cipher == NULL)	1086	if (pref_cipher == NULL)
1087	pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,	1087	pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
1088	SSL_get_ciphers(s));	1088	SSL_get_ciphers(s));
1089	if (pref_cipher == NULL) {	1089	if (pref_cipher == NULL) {
1090	al = SSL_AD_HANDSHAKE_FAILURE;	1090	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1094,7 +1094,7 @@ ssl3_get_client_hello(SSL *s)
1094	s->session->cipher = pref_cipher;	1094	s->session->cipher = pref_cipher;
1095		1095
1096	sk_SSL_CIPHER_free(s->cipher_list);	1096	sk_SSL_CIPHER_free(s->cipher_list);
1097	s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);	1097	s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers);
1098	}	1098	}
1099		1099
1100	/*	1100	/*
@@ -1108,11 +1108,11 @@ ssl3_get_client_hello(SSL *s)
1108	SSLerror(s, SSL_R_NO_CIPHERS_PASSED);	1108	SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
1109	goto fatal_err;	1109	goto fatal_err;
1110	}	1110	}
1111	sk_SSL_CIPHER_free(s->session->ciphers);	1111	sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
1112	s->session->ciphers = ciphers;	1112	s->s3->hs.client_ciphers = ciphers;
1113	ciphers = NULL;	1113	ciphers = NULL;
1114		1114
1115	if ((c = ssl3_choose_cipher(s, s->session->ciphers,	1115	if ((c = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
1116	SSL_get_ciphers(s))) == NULL) {	1116	SSL_get_ciphers(s))) == NULL) {
1117	al = SSL_AD_HANDSHAKE_FAILURE;	1117	al = SSL_AD_HANDSHAKE_FAILURE;
1118	SSLerror(s, SSL_R_NO_SHARED_CIPHER);	1118	SSLerror(s, SSL_R_NO_SHARED_CIPHER);