From 6aaa71524fb63f15a7b380ada15b019cfa250176 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 23 May 2020 13:00:30 +0000
Subject: While the second SSL_CTX in this code is only used on servername
 callback, so its mode is not used to update the ssl's mode, it seems more
 appropriate to clear the SSL_MODE_AUTO_RETRY flag on it as well.

ok jsing
---
 src/usr.bin/openssl/s_server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index dbf59ad854..2ff142dab8 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.37 2020/05/23 12:52:54 tb Exp $ */
+/* $OpenBSD: s_server.c,v 1.38 2020/05/23 13:00:30 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1033,6 +1033,7 @@ s_server_main(int argc, char *argv[])
 			goto end;
 		if (!SSL_CTX_set_max_proto_version(ctx2, max_version))
 			goto end;
+		SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY);
 	}
 	if (ctx2) {
 		BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
-- 
cgit v1.2.3-55-g6feb