diff options
| author | markus <> | 2003-09-30 21:30:28 +0000 | 
|---|---|---|
| committer | markus <> | 2003-09-30 21:30:28 +0000 | 
| commit | b8dda8f19c80fc9ca652b971559629a06b9a17eb (patch) | |
| tree | a20a63825244fc50f51f504ef6909a7497a5b7d9 /src/lib | |
| parent | 5e59d119ef27ac38b6179a37b15c3e59d463b3e3 (diff) | |
| download | openbsd-b8dda8f19c80fc9ca652b971559629a06b9a17eb.tar.gz openbsd-b8dda8f19c80fc9ca652b971559629a06b9a17eb.tar.bz2 openbsd-b8dda8f19c80fc9ca652b971559629a06b9a17eb.zip | |
more fixes from 0.9.7c, ok deraadt, cloder
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 14 | 
4 files changed, 22 insertions, 8 deletions
| diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index b35d1b0107..d51b60e343 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1768,6 +1768,7 @@ static int ssl3_send_client_verify(SSL *s) | |||
| 1768 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 1768 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 
| 1769 | l2n3(n,d); | 1769 | l2n3(n,d); | 
| 1770 | 1770 | ||
| 1771 | s->state=SSL3_ST_CW_CERT_VRFY_B; | ||
| 1771 | s->init_num=(int)n+4; | 1772 | s->init_num=(int)n+4; | 
| 1772 | s->init_off=0; | 1773 | s->init_off=0; | 
| 1773 | } | 1774 | } | 
| diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index cd7b88eeb5..57f1d3f52a 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -432,10 +432,11 @@ int ssl3_accept(SSL *s) | |||
| 432 | if (ret == 2) | 432 | if (ret == 2) | 
| 433 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 433 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 
| 434 | else { | 434 | else { | 
| 435 | /* could be sent for a DH cert, even if we | 435 | if (s->s3->tmp.cert_request) | 
| 436 | * have not asked for it :-) */ | 436 | { | 
| 437 | ret=ssl3_get_client_certificate(s); | 437 | ret=ssl3_get_client_certificate(s); | 
| 438 | if (ret <= 0) goto end; | 438 | if (ret <= 0) goto end; | 
| 439 | } | ||
| 439 | s->init_num=0; | 440 | s->init_num=0; | 
| 440 | s->state=SSL3_ST_SR_KEY_EXCH_A; | 441 | s->state=SSL3_ST_SR_KEY_EXCH_A; | 
| 441 | } | 442 | } | 
| @@ -845,6 +846,9 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 845 | } | 846 | } | 
| 846 | 847 | ||
| 847 | /* TLS does not mind if there is extra stuff */ | 848 | /* TLS does not mind if there is extra stuff */ | 
| 849 | #if 0 /* SSL 3.0 does not mind either, so we should disable this test | ||
| 850 | * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, | ||
| 851 | * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ | ||
| 848 | if (s->version == SSL3_VERSION) | 852 | if (s->version == SSL3_VERSION) | 
| 849 | { | 853 | { | 
| 850 | if (p < (d+n)) | 854 | if (p < (d+n)) | 
| @@ -856,6 +860,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 856 | goto f_err; | 860 | goto f_err; | 
| 857 | } | 861 | } | 
| 858 | } | 862 | } | 
| 863 | #endif | ||
| 859 | 864 | ||
| 860 | /* Given s->session->ciphers and SSL_get_ciphers, we must | 865 | /* Given s->session->ciphers and SSL_get_ciphers, we must | 
| 861 | * pick a cipher */ | 866 | * pick a cipher */ | 
| @@ -1353,6 +1358,7 @@ static int ssl3_send_certificate_request(SSL *s) | |||
| 1353 | s->init_num += 4; | 1358 | s->init_num += 4; | 
| 1354 | #endif | 1359 | #endif | 
| 1355 | 1360 | ||
| 1361 | s->state = SSL3_ST_SW_CERT_REQ_B; | ||
| 1356 | } | 1362 | } | 
| 1357 | 1363 | ||
| 1358 | /* SSL3_ST_SW_CERT_REQ_B */ | 1364 | /* SSL3_ST_SW_CERT_REQ_B */ | 
| diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index b35d1b0107..d51b60e343 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1768,6 +1768,7 @@ static int ssl3_send_client_verify(SSL *s) | |||
| 1768 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 1768 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 
| 1769 | l2n3(n,d); | 1769 | l2n3(n,d); | 
| 1770 | 1770 | ||
| 1771 | s->state=SSL3_ST_CW_CERT_VRFY_B; | ||
| 1771 | s->init_num=(int)n+4; | 1772 | s->init_num=(int)n+4; | 
| 1772 | s->init_off=0; | 1773 | s->init_off=0; | 
| 1773 | } | 1774 | } | 
| diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index cd7b88eeb5..57f1d3f52a 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -432,10 +432,11 @@ int ssl3_accept(SSL *s) | |||
| 432 | if (ret == 2) | 432 | if (ret == 2) | 
| 433 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 433 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 
| 434 | else { | 434 | else { | 
| 435 | /* could be sent for a DH cert, even if we | 435 | if (s->s3->tmp.cert_request) | 
| 436 | * have not asked for it :-) */ | 436 | { | 
| 437 | ret=ssl3_get_client_certificate(s); | 437 | ret=ssl3_get_client_certificate(s); | 
| 438 | if (ret <= 0) goto end; | 438 | if (ret <= 0) goto end; | 
| 439 | } | ||
| 439 | s->init_num=0; | 440 | s->init_num=0; | 
| 440 | s->state=SSL3_ST_SR_KEY_EXCH_A; | 441 | s->state=SSL3_ST_SR_KEY_EXCH_A; | 
| 441 | } | 442 | } | 
| @@ -845,6 +846,9 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 845 | } | 846 | } | 
| 846 | 847 | ||
| 847 | /* TLS does not mind if there is extra stuff */ | 848 | /* TLS does not mind if there is extra stuff */ | 
| 849 | #if 0 /* SSL 3.0 does not mind either, so we should disable this test | ||
| 850 | * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, | ||
| 851 | * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ | ||
| 848 | if (s->version == SSL3_VERSION) | 852 | if (s->version == SSL3_VERSION) | 
| 849 | { | 853 | { | 
| 850 | if (p < (d+n)) | 854 | if (p < (d+n)) | 
| @@ -856,6 +860,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 856 | goto f_err; | 860 | goto f_err; | 
| 857 | } | 861 | } | 
| 858 | } | 862 | } | 
| 863 | #endif | ||
| 859 | 864 | ||
| 860 | /* Given s->session->ciphers and SSL_get_ciphers, we must | 865 | /* Given s->session->ciphers and SSL_get_ciphers, we must | 
| 861 | * pick a cipher */ | 866 | * pick a cipher */ | 
| @@ -1353,6 +1358,7 @@ static int ssl3_send_certificate_request(SSL *s) | |||
| 1353 | s->init_num += 4; | 1358 | s->init_num += 4; | 
| 1354 | #endif | 1359 | #endif | 
| 1355 | 1360 | ||
| 1361 | s->state = SSL3_ST_SW_CERT_REQ_B; | ||
| 1356 | } | 1362 | } | 
| 1357 | 1363 | ||
| 1358 | /* SSL3_ST_SW_CERT_REQ_B */ | 1364 | /* SSL3_ST_SW_CERT_REQ_B */ | 
