From 07ec1ddd1044052c01b6c579b1b65aee80e0c97a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 3 Apr 2015 17:26:50 +0200
Subject: [PATCH] Fix bug with ssl_set_curves() check on client
---
 ChangeLog | 2 ++
 library/ssl_cli.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4958da8a0..f322a7567 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -99,6 +99,8 @@ Bugfix
 * Add missing extern "C" guard in aesni.h (reported by amir zamani).
 * Add missing dependency on SHA-256 in some x509 programs (reported by Gergely Budai).
+ * Fix bug related to ssl_set_curves(): the client didn't check that the
+ curve picked by the server was actually allowed.
 Changes
 * Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index beb85366b..05bfca782 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1673,7 +1673,7 @@ static int ssl_check_server_ecdh_params( const ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-#if defined(POLARSSL_SSL_ECP_SET_CURVES)
+#if defined(POLARSSL_SSL_SET_CURVES)
 if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
 #else
 if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
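Review bot: The `#if defined(POLARSSL_SSL_SET_CURVES)` guard in ssl_check_server_ecdh_params() carries no comment saying which branch enforces the list configured with ssl_set_curves(), and a misspelled or undefined macro name fails silently by compiling the `#else` branch, which from the visible line checks `grp.nbits` rather than the configured list. I would add above the guard `/* With POLARSSL_SSL_SET_CURVES the server's curve must be in the list set by ssl_set_curves(); otherwise the fallback below only bounds grp.nbits. */`. The diffstat lists only ChangeLog and library/ssl_cli.c, so no regression test appears to accompany the fix; a handshake test in which the server selects a curve outside the client's configured list and the client is expected to abort would catch a repeat. The function starts and ends outside the hunk, so the remainder of the `#else` condition is not visible here.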