From de07a546c0dd7fb709141d106c6a9e837c746852 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Tue, 15 Sep 2020 15:28:38 +0000
Subject: Do not destroy an existing cipher list when ssl_parse_ciphersuites()
 fails, to match the behaviour of ssl_create_cipher_list().  This also agrees
 with the behaviour of SSL_set_ciphersuites(3) in OpenSSL. Issue found while
 writing documentation. OK jsing@

---
 src/lib/libssl/ssl_ciphers.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
index 0912fb6d25..399e274ad4 100644
--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl_ciphers.c,v 1.8 2020/09/14 17:52:38 tb Exp $ */
+/*	$OpenBSD: ssl_ciphers.c,v 1.9 2020/09/15 15:28:38 schwarze Exp $ */
 /*
  * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -220,9 +220,6 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
 	int i;
 	int ret = 0;
 
-	sk_SSL_CIPHER_free(*out_ciphers);
-	*out_ciphers = NULL;
-
 	if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL)
 		goto err;
 
@@ -255,6 +252,7 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
 	}
 
  done:
+	sk_SSL_CIPHER_free(*out_ciphers);
 	*out_ciphers = ciphers;
 	ciphers = NULL;
 	ret = 1;
-- 
cgit v1.2.3-55-g6feb