diff options
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 508e131730..605f0a59ad 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.85 2017/03/05 14:24:12 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -519,13 +519,23 @@ dtls1_accept(SSL *s) | |||
| 519 | s->internal->state = SSL3_ST_SR_CERT_VRFY_A; | 519 | s->internal->state = SSL3_ST_SR_CERT_VRFY_A; |
| 520 | s->internal->init_num = 0; | 520 | s->internal->init_num = 0; |
| 521 | 521 | ||
| 522 | /* We need to get hashes here so if there is | 522 | /* |
| 523 | * a client cert, it can be verified */ | 523 | * We need to get hashes here so if there is |
| 524 | tls1_cert_verify_mac(s, | 524 | * a client cert, it can be verified. |
| 525 | NID_md5, &(S3I(s)->tmp.cert_verify_md[0])); | 525 | */ |
| 526 | tls1_cert_verify_mac(s, | 526 | if (S3I(s)->handshake_buffer) { |
| 527 | NID_sha1, | 527 | if (!tls1_digest_cached_records(s)) { |
| 528 | &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | 528 | ret = -1; |
| 529 | goto end; | ||
| 530 | } | ||
| 531 | } | ||
| 532 | if (!tls1_handshake_hash_value(s, | ||
| 533 | S3I(s)->tmp.cert_verify_md, | ||
| 534 | sizeof(S3I(s)->tmp.cert_verify_md), | ||
| 535 | NULL)) { | ||
| 536 | ret = -1; | ||
| 537 | goto end; | ||
| 538 | } | ||
| 529 | } | 539 | } |
| 530 | break; | 540 | break; |
| 531 | 541 | ||