diff options
| author | beck <> | 2000-12-15 02:58:47 +0000 |
|---|---|---|
| committer | beck <> | 2000-12-15 02:58:47 +0000 |
| commit | 9200bb13d15da4b2a23e6bc92c20e95b74aa2113 (patch) | |
| tree | 5c52d628ec1e34be76e7ef2a4235d248b7c44d24 /src/lib/libssl/s3_clnt.c | |
| parent | e131d25072e3d4197ba4b9bcc0d1b27d34d6488d (diff) | |
| download | openbsd-9200bb13d15da4b2a23e6bc92c20e95b74aa2113.tar.gz openbsd-9200bb13d15da4b2a23e6bc92c20e95b74aa2113.tar.bz2 openbsd-9200bb13d15da4b2a23e6bc92c20e95b74aa2113.zip | |
openssl-engine-0.9.6 merge
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 0c8f551f73..62040f9f1d 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -69,7 +69,7 @@ static SSL_METHOD *ssl3_get_client_method(int ver); | |||
| 69 | static int ssl3_client_hello(SSL *s); | 69 | static int ssl3_client_hello(SSL *s); |
| 70 | static int ssl3_get_server_hello(SSL *s); | 70 | static int ssl3_get_server_hello(SSL *s); |
| 71 | static int ssl3_get_certificate_request(SSL *s); | 71 | static int ssl3_get_certificate_request(SSL *s); |
| 72 | static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); | 72 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); |
| 73 | static int ssl3_get_server_done(SSL *s); | 73 | static int ssl3_get_server_done(SSL *s); |
| 74 | static int ssl3_send_client_verify(SSL *s); | 74 | static int ssl3_send_client_verify(SSL *s); |
| 75 | static int ssl3_send_client_certificate(SSL *s); | 75 | static int ssl3_send_client_certificate(SSL *s); |
| @@ -142,7 +142,12 @@ int ssl3_connect(SSL *s) | |||
| 142 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 142 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 143 | 143 | ||
| 144 | if ((s->version & 0xff00 ) != 0x0300) | 144 | if ((s->version & 0xff00 ) != 0x0300) |
| 145 | abort(); | 145 | { |
| 146 | SSLerr(SSL_F_SSL3_CONNECT, SSL_R_INTERNAL_ERROR); | ||
| 147 | ret = -1; | ||
| 148 | goto end; | ||
| 149 | } | ||
| 150 | |||
| 146 | /* s->version=SSL3_VERSION; */ | 151 | /* s->version=SSL3_VERSION; */ |
| 147 | s->type=SSL_ST_CONNECT; | 152 | s->type=SSL_ST_CONNECT; |
| 148 | 153 | ||
| @@ -764,6 +769,7 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 764 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); | 769 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); |
| 765 | goto f_err; | 770 | goto f_err; |
| 766 | } | 771 | } |
| 772 | ERR_clear_error(); /* but we keep s->verify_result */ | ||
| 767 | 773 | ||
| 768 | sc=ssl_sess_cert_new(); | 774 | sc=ssl_sess_cert_new(); |
| 769 | if (sc == NULL) goto err; | 775 | if (sc == NULL) goto err; |
| @@ -934,10 +940,12 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 934 | s->session->sess_cert->peer_rsa_tmp=rsa; | 940 | s->session->sess_cert->peer_rsa_tmp=rsa; |
| 935 | rsa=NULL; | 941 | rsa=NULL; |
| 936 | } | 942 | } |
| 937 | else | 943 | #else /* NO_RSA */ |
| 944 | if (0) | ||
| 945 | ; | ||
| 938 | #endif | 946 | #endif |
| 939 | #ifndef NO_DH | 947 | #ifndef NO_DH |
| 940 | if (alg & SSL_kEDH) | 948 | else if (alg & SSL_kEDH) |
| 941 | { | 949 | { |
| 942 | if ((dh=DH_new()) == NULL) | 950 | if ((dh=DH_new()) == NULL) |
| 943 | { | 951 | { |
| @@ -993,10 +1001,12 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 993 | #ifndef NO_RSA | 1001 | #ifndef NO_RSA |
| 994 | if (alg & SSL_aRSA) | 1002 | if (alg & SSL_aRSA) |
| 995 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | 1003 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 996 | else | 1004 | #else |
| 1005 | if (0) | ||
| 1006 | ; | ||
| 997 | #endif | 1007 | #endif |
| 998 | #ifndef NO_DSA | 1008 | #ifndef NO_DSA |
| 999 | if (alg & SSL_aDSS) | 1009 | else if (alg & SSL_aDSS) |
| 1000 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); | 1010 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); |
| 1001 | #endif | 1011 | #endif |
| 1002 | /* else anonymous DH, so no certificate or pkey. */ | 1012 | /* else anonymous DH, so no certificate or pkey. */ |
| @@ -1010,7 +1020,7 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1010 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | 1020 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); |
| 1011 | goto f_err; | 1021 | goto f_err; |
| 1012 | } | 1022 | } |
| 1013 | #endif | 1023 | #endif /* !NO_DH */ |
| 1014 | if (alg & SSL_aFZA) | 1024 | if (alg & SSL_aFZA) |
| 1015 | { | 1025 | { |
| 1016 | al=SSL_AD_HANDSHAKE_FAILURE; | 1026 | al=SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1274,7 +1284,7 @@ err: | |||
| 1274 | return(ret); | 1284 | return(ret); |
| 1275 | } | 1285 | } |
| 1276 | 1286 | ||
| 1277 | static int ca_dn_cmp(X509_NAME **a, X509_NAME **b) | 1287 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) |
| 1278 | { | 1288 | { |
| 1279 | return(X509_NAME_cmp(*a,*b)); | 1289 | return(X509_NAME_cmp(*a,*b)); |
| 1280 | } | 1290 | } |