authordoug <>2015-06-18 22:30:47 +0000
committerdoug <>2015-06-18 22:30:47 +0000
commit5bf33d31cf897321ff72591b1f9aea4ad011305a (patch)
treea7add1934e8f2ef0d1faa4f6eafe20977c84c199 /src/lib
parentc52a67e162398870b15074342af66b8f2970f20b (diff)
Change DTLS client cert request code to match TLS.
DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/d1_srvr.c12
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c12
2 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 42af17e96e..f3972ae9d0 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -476,11 +476,11 @@ dtls1_accept(SSL *s)
476 dtls1_stop_timer(s); 476 dtls1_stop_timer(s);
477 s->state = SSL3_ST_SR_CLNT_HELLO_C; 477 s->state = SSL3_ST_SR_CLNT_HELLO_C;
478 } else { 478 } else {
479 /* could be sent for a DH cert, even if we 479 if (s->s3->tmp.cert_request) {
480 * have not asked for it :-) */ 480 ret = ssl3_get_client_certificate(s);
481 ret = ssl3_get_client_certificate(s); 481 if (ret <= 0)
482 if (ret <= 0) 482 goto end;
483 goto end; 483 }
484 s->init_num = 0; 484 s->init_num = 0;
485 s->state = SSL3_ST_SR_KEY_EXCH_A; 485 s->state = SSL3_ST_SR_KEY_EXCH_A;
486 } 486 }
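Review bot: The new `if (s->s3->tmp.cert_request)` guard in the `else` branch replaces the only comment that explained this path, so nothing now says why the client certificate read is conditional; I would add `/* Only read a client Certificate if we sent a CertificateRequest. */` directly above the guard. When the guard is false, an unsolicited Certificate message is left for the `SSL3_ST_SR_KEY_EXCH_A` handler, which presumably rejects it as an unexpected message; that handler is outside this hunk, so this should be confirmed and pinned with a regression test (DTLS handshake where the server sent no CertificateRequest and the client sends a certificate anyway, expecting the handshake to fail). The guard also depends on `cert_request` being reset for each handshake, including renegotiation, and that assignment happens elsewhere in `dtls1_accept()` and is not visible here. The identical change is made to the copy in `src/lib/libssl/src/ssl/d1_srvr.c`, and the same points apply there.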
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 42af17e96e..f3972ae9d0 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -476,11 +476,11 @@ dtls1_accept(SSL *s)
476 dtls1_stop_timer(s); 476 dtls1_stop_timer(s);
477 s->state = SSL3_ST_SR_CLNT_HELLO_C; 477 s->state = SSL3_ST_SR_CLNT_HELLO_C;
478 } else { 478 } else {
479 /* could be sent for a DH cert, even if we 479 if (s->s3->tmp.cert_request) {
480 * have not asked for it :-) */ 480 ret = ssl3_get_client_certificate(s);
481 ret = ssl3_get_client_certificate(s); 481 if (ret <= 0)
482 if (ret <= 0) 482 goto end;
483 goto end; 483 }
484 s->init_num = 0; 484 s->init_num = 0;
485 s->state = SSL3_ST_SR_KEY_EXCH_A; 485 s->state = SSL3_ST_SR_KEY_EXCH_A;
486 } 486 }