diff options
| author | jsing <> | 2017-03-04 16:15:02 +0000 |
|---|---|---|
| committer | jsing <> | 2017-03-04 16:15:02 +0000 |
| commit | 1f1afc6cbcd63106aed19c1803381ba73c23a55f (patch) | |
| tree | 4a1b2753a2de84e913f2c1d13adf83b85fe0d097 | |
| parent | 34cf6990f05f3e13991a32d58a8dc888504112d2 (diff) | |
| download | openbsd-1f1afc6cbcd63106aed19c1803381ba73c23a55f.tar.gz openbsd-1f1afc6cbcd63106aed19c1803381ba73c23a55f.tar.bz2 openbsd-1f1afc6cbcd63106aed19c1803381ba73c23a55f.zip | |
Call ssl3_handshake_write() instead of ssl3_do_write() - this was missed
when ssl3_send_client_certificate() was converted to the standard handshake
functions in r1.150 of s3_clnt.c.
This has no impact on TLS, however it causes the DTLS client to fail if the
server sends a certificate request, since the TLS MAC is calculated on a
non-populated DTLS header.
Issue reported by umokk on github.
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 223190c0a0..65939141a2 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.7 2017/03/01 14:01:24 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.8 2017/03/04 16:15:02 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2539,7 +2539,7 @@ ssl3_send_client_certificate(SSL *s) | |||
| 2539 | } | 2539 | } |
| 2540 | 2540 | ||
| 2541 | /* SSL3_ST_CW_CERT_D */ | 2541 | /* SSL3_ST_CW_CERT_D */ |
| 2542 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 2542 | return (ssl3_handshake_write(s)); |
| 2543 | 2543 | ||
| 2544 | err: | 2544 | err: |
| 2545 | CBB_cleanup(&cbb); | 2545 | CBB_cleanup(&cbb); |