Don't complain with "no cipher match" for QUIC objects

author Matt Caswell <matt@openssl.org>

Wed, 6 Nov 2024 09:53:11 +0000 (09:53 +0000)

committer Tomas Mraz <tomas@openssl.org>

Fri, 8 Nov 2024 13:36:17 +0000 (14:36 +0100)
author Matt Caswell <matt@openssl.org>
Wed, 6 Nov 2024 09:53:11 +0000 (09:53 +0000)
committer Tomas Mraz <tomas@openssl.org>
Fri, 8 Nov 2024 13:36:17 +0000 (14:36 +0100)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 11dc4f95643bd1059853f9e50179744dfa674848..fe14fbfdd389a7de549d32e4a1201328f6899ec4 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3348,7 +3348,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
       */
      if (sk == NULL)
          return 0;
-    else if (cipher_list_tls12_num(sk) == 0) {
+    if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) {
          ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
          return 0;
      }
@@ -3360,17 +3360,19 @@ int SSL_set_cipher_list(SSL *s, const char *str)
  {
      STACK_OF(SSL_CIPHER) *sk;
      SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+    SSL_CTX *ctx;
  
      if (sc == NULL)
          return 0;
  
-    sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites,
+    ctx = s->ctx;
+    sk = ssl_create_cipher_list(ctx, sc->tls13_ciphersuites,
                                  &sc->cipher_list, &sc->cipher_list_by_id, str,
                                  sc->cert);
      /* see comment in SSL_CTX_set_cipher_list */
      if (sk == NULL)
          return 0;
-    else if (cipher_list_tls12_num(sk) == 0) {
+    if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) {
          ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
          return 0;
      }
author	Matt Caswell <matt@openssl.org>
	Wed, 6 Nov 2024 09:53:11 +0000 (09:53 +0000)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 8 Nov 2024 13:36:17 +0000 (14:36 +0100)