From b7927946fdd73aecb86fb7c76ee4adb7a80e71e1 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Wed, 23 Apr 2025 08:46:17 -0400
Subject: [PATCH] Correctly detect error from SSL_CTX_set1_groups_list. Previously our code was checking for '< 0', but the error return value for this function _is_ zero.
---
 src/lib/tls/tortls_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 9bd0b72b96..3d20453c07 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -673,7 +673,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 const char *list;
 list = "P-256:P-224";
 int r = (int) SSL_CTX_set1_groups_list(result->ctx, list);
- if (r < 0)
+ if (r == 0)
 goto error;
 }
 #else /* !(defined(SSL_CTX_set1_groups_list) || defined(HAVE_SSL_CTX_SE...)) */
--
2.47.2
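Review bot: Comparing against the success value, `if (r != 1)`, would be more defensive than `if (r == 0)` on the changed line, because it fails closed on any non-success return and does not depend on remembering which value means failure, which is the mistake the old `< 0` test made. The `goto error` branch is also live for the first time, so an OpenSSL build that rejects a name in `"P-256:P-224"` will presumably now abort context creation instead of silently keeping the library's default groups. That is the safer outcome, but it deserves a comment above the check such as `/* Returns 1 on success, 0 on failure; fail closed if the group list is rejected. */`. The `error:` label is outside this hunk, so it is worth confirming that it reports the OpenSSL error queue, so operators can tell a rejected group list from other context failures. The body of tor_tls_context_new starts and ends outside the hunk.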