Only reinitialize suites in InitSSL_Side if they were not set by the user. Always allocate suites in InitSSL_Side if they're NULL so InitSSL_Suites will set them.

kareem-wolfssl · kareem-wolfssl · commit d505c0b7c54a · 2026-01-20T11:40:37.000-07:00
diff --git a/src/internal.c b/src/internal.c
@@ -2253,9 +2253,16 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
     }
 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
 
-    /* Forcefully reinitialize suites here as the side may have changed. */
-    FreeSuites(ssl);
-    AllocateSuites(ssl);
+    /* Forcefully reinitialize suites here as the side may have changed,
+     * unless the user has explicitly set cipher suites.
+     * Two separate checks to ensure suites are always allocated, to avoid
+     * failing suites == NULL check in InitSSL_Suites. */
+    if (ssl->suites && !ssl->suites->setSuites) {
+        FreeSuites(ssl);
+    }
+    if (!ssl->suites) {
+        AllocateSuites(ssl);
+    }
     return InitSSL_Suites(ssl);
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE ||
