From 13e228d6845aff7e454eea7c9ddd392ebfbd2868 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 4 Sep 2015 00:20:34 +0100 Subject: [PATCH] Match SUITEB strings at start of cipher list. PR#4009. Reviewed-by: Rich Salz --- ssl/ssl_ciph.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2dd2379819..12dac046a8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1330,15 +1330,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (strcmp(*prule_str, "SUITEB128") == 0) - suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (strcmp(*prule_str, "SUITEB128ONLY") == 0) + if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (strcmp(*prule_str, "SUITEB128C2") == 0) { + } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (strcmp(*prule_str, "SUITEB192") == 0) + } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { + suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; + } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; + } if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS; -- GitLab