authormarkus <>2003-09-30 21:30:28 +0000
committermarkus <>2003-09-30 21:30:28 +0000
commitb8dda8f19c80fc9ca652b971559629a06b9a17eb (patch)
treea20a63825244fc50f51f504ef6909a7497a5b7d9 /src/lib
parent5e59d119ef27ac38b6179a37b15c3e59d463b3e3 (diff)
more fixes from 0.9.7c, ok deraadt, cloder
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/s3_srvr.c14
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c14
4 files changed, 22 insertions, 8 deletions
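--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1768,6 +1768,7 @@ static int ssl3_send_client_verify(SSL *s)
 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
 l2n3(n,d);
 
+s->state=SSL3_ST_CW_CERT_VRFY_B;
 s->init_num=(int)n+4;
 s->init_off=0;
 }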
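Review bot: The added `s->state=SSL3_ST_CW_CERT_VRFY_B;` in ssl3_send_client_verify has no comment explaining why the state must advance before the write, which makes the fix easy to lose in a later merge. Without it, a call that is re-entered after an incomplete write would presumably take the message-building branch again and reset `s->init_off`; the start of that branch and the write call are outside the hunk, so this is inferred. I would add `/* message is built; a re-entered call must only flush it */` above the assignment. The identical section for src/lib/libssl/src/ssl/s3_clnt.c and the parallel `s->state = SSL3_ST_SW_CERT_REQ_B;` added to ssl3_send_certificate_request in s3_srvr.c deserve the same comment.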
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index cd7b88eeb5..57f1d3f52a 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -432,10 +432,11 @@ int ssl3_accept(SSL *s)
432 if (ret == 2) 432 if (ret == 2)
433 s->state = SSL3_ST_SR_CLNT_HELLO_C; 433 s->state = SSL3_ST_SR_CLNT_HELLO_C;
434 else { 434 else {
435 /* could be sent for a DH cert, even if we 435 if (s->s3->tmp.cert_request)
436 * have not asked for it :-) */ 436 {
437 ret=ssl3_get_client_certificate(s); 437 ret=ssl3_get_client_certificate(s);
438 if (ret <= 0) goto end; 438 if (ret <= 0) goto end;
439 }
439 s->init_num=0; 440 s->init_num=0;
440 s->state=SSL3_ST_SR_KEY_EXCH_A; 441 s->state=SSL3_ST_SR_KEY_EXCH_A;
441 } 442 }
@@ -845,6 +846,9 @@ static int ssl3_get_client_hello(SSL *s)
845 } 846 }
846 847
847 /* TLS does not mind if there is extra stuff */ 848 /* TLS does not mind if there is extra stuff */
849#if 0 /* SSL 3.0 does not mind either, so we should disable this test
850 * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
851 * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
848 if (s->version == SSL3_VERSION) 852 if (s->version == SSL3_VERSION)
849 { 853 {
850 if (p < (d+n)) 854 if (p < (d+n))
@@ -856,6 +860,7 @@ static int ssl3_get_client_hello(SSL *s)
856 goto f_err; 860 goto f_err;
857 } 861 }
858 } 862 }
863#endif
859 864
860 /* Given s->session->ciphers and SSL_get_ciphers, we must 865 /* Given s->session->ciphers and SSL_get_ciphers, we must
861 * pick a cipher */ 866 * pick a cipher */
@@ -1353,6 +1358,7 @@ static int ssl3_send_certificate_request(SSL *s)
1353 s->init_num += 4; 1358 s->init_num += 4;
1354#endif 1359#endif
1355 1360
1361 s->state = SSL3_ST_SW_CERT_REQ_B;
1356 } 1362 }
1357 1363
1358 /* SSL3_ST_SW_CERT_REQ_B */ 1364 /* SSL3_ST_SW_CERT_REQ_B */
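Review bot: The new guard `if (s->s3->tmp.cert_request)` in ssl3_accept replaces the old comment without documenting the new rule, and the hunk does not show what happens to a Certificate message from a client that was never asked for one. Such a message is now left unread when the state moves to SSL3_ST_SR_KEY_EXCH_A, so rejecting it presumably depends on the key-exchange reader failing on an unexpected message type; that code is outside the hunk and is worth confirming with a regression test. I would add `/* read a client certificate only if we sent a CertificateRequest */` above the guard. Separately, the `#if 0` block in ssl3_get_client_hello leaves the disabled length check in the tree as dead code; deleting the check and keeping only the explanatory comment would read more cleanly. The same points apply to the identical section for src/lib/libssl/src/ssl/s3_srvr.c.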
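--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1768,6 +1768,7 @@ static int ssl3_send_client_verify(SSL *s)
 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
 l2n3(n,d);
 
+s->state=SSL3_ST_CW_CERT_VRFY_B;
 s->init_num=(int)n+4;
 s->init_off=0;
 }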
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index cd7b88eeb5..57f1d3f52a 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -432,10 +432,11 @@ int ssl3_accept(SSL *s)
432 if (ret == 2) 432 if (ret == 2)
433 s->state = SSL3_ST_SR_CLNT_HELLO_C; 433 s->state = SSL3_ST_SR_CLNT_HELLO_C;
434 else { 434 else {
435 /* could be sent for a DH cert, even if we 435 if (s->s3->tmp.cert_request)
436 * have not asked for it :-) */ 436 {
437 ret=ssl3_get_client_certificate(s); 437 ret=ssl3_get_client_certificate(s);
438 if (ret <= 0) goto end; 438 if (ret <= 0) goto end;
439 }
439 s->init_num=0; 440 s->init_num=0;
440 s->state=SSL3_ST_SR_KEY_EXCH_A; 441 s->state=SSL3_ST_SR_KEY_EXCH_A;
441 } 442 }
@@ -845,6 +846,9 @@ static int ssl3_get_client_hello(SSL *s)
845 } 846 }
846 847
847 /* TLS does not mind if there is extra stuff */ 848 /* TLS does not mind if there is extra stuff */
849#if 0 /* SSL 3.0 does not mind either, so we should disable this test
850 * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
851 * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
848 if (s->version == SSL3_VERSION) 852 if (s->version == SSL3_VERSION)
849 { 853 {
850 if (p < (d+n)) 854 if (p < (d+n))
@@ -856,6 +860,7 @@ static int ssl3_get_client_hello(SSL *s)
856 goto f_err; 860 goto f_err;
857 } 861 }
858 } 862 }
863#endif
859 864
860 /* Given s->session->ciphers and SSL_get_ciphers, we must 865 /* Given s->session->ciphers and SSL_get_ciphers, we must
861 * pick a cipher */ 866 * pick a cipher */
@@ -1353,6 +1358,7 @@ static int ssl3_send_certificate_request(SSL *s)
1353 s->init_num += 4; 1358 s->init_num += 4;
1354#endif 1359#endif
1355 1360
1361 s->state = SSL3_ST_SW_CERT_REQ_B;
1356 } 1362 }
1357 1363
1358 /* SSL3_ST_SW_CERT_REQ_B */ 1364 /* SSL3_ST_SW_CERT_REQ_B */