OpenSSL 0.9.5a merge

1 files changed, 39 insertions, 38 deletions

diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 1cbc2886e92..7436a50ad14 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -607,7 +607,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			if (buflen == 0)
 				{
 				/*
-				 * We hit something, we cannot deal with,
+				 * We hit something we cannot deal with,
 				 * it is no command or separator nor
 				 * alphanumeric, so we call this an error.
 				 */
@@ -620,6 +620,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
 			if (rule == CIPHER_SPECIAL)
 				{
+				found = 0; /* unused -- avoid compiler warning */
 				break;	/* special treatment */
 				}
 
@@ -633,12 +634,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 				multi=0;
 
 			/*
-			 * Now search for the name in the ca_list. Be careful
+			 * Now search for the cipher alias in the ca_list. Be careful
 			 * with the strncmp, because the "buflen" limitation
 			 * will make the rule "ADH:SOME" and the cipher
 			 * "ADH-MY-CIPHER" look like a match for buflen=3.
-			 * So additionally check, whether the cipher name found
-			 * has the correct length. We can save a strlen() call,
+			 * So additionally check whether the cipher name found
+			 * has the correct length. We can save a strlen() call:
 			 * just checking for the '\0' at the right place is
 			 * sufficient, we have to strncmp() anyway.
 			 */
@@ -665,42 +666,42 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			if (!multi) break;
 			}
 
+		/*
+		 * Ok, we have the rule, now apply it
+		 */
+		if (rule == CIPHER_SPECIAL)
+			{	/* special command */
+			ok = 0;
+			if ((buflen == 8) &&
+				!strncmp(buf, "STRENGTH", 8))
+				ok = ssl_cipher_strength_sort(list,
+					head_p, tail_p);
+			else
+				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+					SSL_R_INVALID_COMMAND);
+			if (ok == 0)
+				retval = 0;
 			/*
-			 * Ok, we have the rule, now apply it
+			 * We do not support any "multi" options
+			 * together with "@", so throw away the
+			 * rest of the command, if any left, until
+			 * end or ':' is found.
 			 */
-			if (rule == CIPHER_SPECIAL)
-				{	/* special command */
-				ok = 0;
-				if ((buflen == 8) &&
-					!strncmp(buf, "STRENGTH", 8))
-					ok = ssl_cipher_strength_sort(list,
-							head_p, tail_p);
-				else
-					SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-						SSL_R_INVALID_COMMAND);
-				if (ok == 0)
-					retval = 0;
-				/*
-				 * We do not support any "multi" options
-				 * together with "@", so throw away the
-				 * rest of the command, if any left, until
-				 * end or ':' is found.
-				 */
-				while ((*l != '\0') && ITEM_SEP(*l))
-					l++;
-				}
-			else if (found)
-				{
-				ssl_cipher_apply_rule(algorithms, mask,
-					algo_strength, mask_strength, rule, -1,
-					list, head_p, tail_p);
-				}
-			else
-				{
-				while ((*l != '\0') && ITEM_SEP(*l))
-					l++;
-				}
-			if (*l == '\0') break; /* done */
+			while ((*l != '\0') && ITEM_SEP(*l))
+				l++;
+			}
+		else if (found)
+			{
+			ssl_cipher_apply_rule(algorithms, mask,
+				algo_strength, mask_strength, rule, -1,
+				list, head_p, tail_p);
+			}
+		else
+			{
+			while ((*l != '\0') && ITEM_SEP(*l))
+				l++;
+			}
+		if (*l == '\0') break; /* done */
 		}
 
 	return(retval);