diff options
| author | doug <> | 2015-06-18 22:30:47 +0000 |
|---|---|---|
| committer | doug <> | 2015-06-18 22:30:47 +0000 |
| commit | 33dcaa629de0a917bb9314aaaa0c3bac24dc9892 (patch) | |
| tree | a7add1934e8f2ef0d1faa4f6eafe20977c84c199 /src | |
| parent | ebba5e3cc4b758c334aa248be8b185bdaa1510c7 (diff) | |
| download | openbsd-33dcaa629de0a917bb9314aaaa0c3bac24dc9892.tar.gz openbsd-33dcaa629de0a917bb9314aaaa0c3bac24dc9892.tar.bz2 openbsd-33dcaa629de0a917bb9314aaaa0c3bac24dc9892.zip | |
Change DTLS client cert request code to match TLS.
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_srvr.c | 12 |
2 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 42af17e96e..f3972ae9d0 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -476,11 +476,11 @@ dtls1_accept(SSL *s) | |||
| 476 | dtls1_stop_timer(s); | 476 | dtls1_stop_timer(s); |
| 477 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 477 | s->state = SSL3_ST_SR_CLNT_HELLO_C; |
| 478 | } else { | 478 | } else { |
| 479 | /* could be sent for a DH cert, even if we | 479 | if (s->s3->tmp.cert_request) { |
| 480 | * have not asked for it :-) */ | 480 | ret = ssl3_get_client_certificate(s); |
| 481 | ret = ssl3_get_client_certificate(s); | 481 | if (ret <= 0) |
| 482 | if (ret <= 0) | 482 | goto end; |
| 483 | goto end; | 483 | } |
| 484 | s->init_num = 0; | 484 | s->init_num = 0; |
| 485 | s->state = SSL3_ST_SR_KEY_EXCH_A; | 485 | s->state = SSL3_ST_SR_KEY_EXCH_A; |
| 486 | } | 486 | } |
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 42af17e96e..f3972ae9d0 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -476,11 +476,11 @@ dtls1_accept(SSL *s) | |||
| 476 | dtls1_stop_timer(s); | 476 | dtls1_stop_timer(s); |
| 477 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 477 | s->state = SSL3_ST_SR_CLNT_HELLO_C; |
| 478 | } else { | 478 | } else { |
| 479 | /* could be sent for a DH cert, even if we | 479 | if (s->s3->tmp.cert_request) { |
| 480 | * have not asked for it :-) */ | 480 | ret = ssl3_get_client_certificate(s); |
| 481 | ret = ssl3_get_client_certificate(s); | 481 | if (ret <= 0) |
| 482 | if (ret <= 0) | 482 | goto end; |
| 483 | goto end; | 483 | } |
| 484 | s->init_num = 0; | 484 | s->init_num = 0; |
| 485 | s->state = SSL3_ST_SR_KEY_EXCH_A; | 485 | s->state = SSL3_ST_SR_KEY_EXCH_A; |
| 486 | } | 486 | } |