From cc7dc6e9b7012526aa3797842d226b3a275a7e70 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 19 Jul 2024 08:56:17 +0000
Subject: Annotate issues with tls_session_secret_cb() related code.

---
 src/lib/libssl/ssl_clnt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_clnt.c')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index feb29ee4a5..6cf0ee4a4a 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.165 2024/02/03 18:03:49 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.166 2024/07/19 08:56:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -941,6 +941,11 @@ ssl3_get_server_hello(SSL *s)
 		}
 		s->session->master_key_length = master_key_length;
 
+		/*
+		 * XXX - this appears to be completely broken. The
+		 * client cannot change the cipher at this stage,
+		 * as the server has already made a selection.
+		 */
 		if ((s->session->cipher = pref_cipher) == NULL)
 			s->session->cipher =
 			    ssl3_get_cipher_by_value(cipher_suite);
-- 
cgit v1.2.3-55-g6feb