Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c25
1 files changed, 7 insertions, 18 deletions
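--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.78 2014/07/11 22:57:25 miod Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.79 2014/07/12 13:11:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -339,11 +339,9 @@ ssl3_connect(SSL *s)
  s->init_num = 0;
  break;
  }
- /* Check if it is anon DH/ECDH or PSK */
+ /* Check if it is anon DH/ECDH. */
  if (!(s->s3->tmp.new_cipher->algorithm_auth &
- SSL_aNULL) &&
- !(s->s3->tmp.new_cipher->algorithm_mkey &
- SSL_kPSK)) {
+ SSL_aNULL)) {
  ret = ssl3_get_server_certificate(s);
  if (ret <= 0)
  goto end;
@@ -996,7 +994,6 @@ ssl3_get_server_certificate(SSL *s)
  SESS_CERT *sc;
  EVP_PKEY *pkey = NULL;
 
- /* VRS: 0=> will allow null cert if auth == KRB5 */
  int need_cert = 1;
 
  n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
@@ -1005,9 +1002,7 @@ ssl3_get_server_certificate(SSL *s)
  if (!ok)
  return ((int)n);
 
- if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
- ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
- (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
+ if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)) {
  s->s3->tmp.reuse_message = 1;
  return (1);
  }
@@ -1098,12 +1093,6 @@ ssl3_get_server_certificate(SSL *s)
 
  pkey = X509_get_pubkey(x);
 
- /* VRS: allow null cert if auth == KRB5 */
- need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
- (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
- ? 0 : 1;
-
-
  if (need_cert && ((pkey == NULL) ||
  EVP_PKEY_missing_parameters(pkey))) {
  x = NULL;
@@ -1553,8 +1542,8 @@ ssl3_get_key_exchange(SSL *s)
  }
  }
  } else {
- /* aNULL or kPSK do not need public keys */
- if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) {
+ /* aNULL does not need public keys. */
+ if (!(alg_a & SSL_aNULL)) {
  SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
  ERR_R_INTERNAL_ERROR);
  goto err;
@@ -2615,7 +2604,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
  alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 
  /* We don't have a certificate. */
- if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
+ if (alg_a & (SSL_aDH|SSL_aNULL))
  return (1);
 
  sc = s->session->sess_cert;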
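Review bot: In ssl3_get_server_certificate the branch kept at new line 1005 still returns 1 with `reuse_message = 1` when a ServerKeyExchange arrives where the Certificate was expected, even though ssl3_connect now calls this function only for ciphers that are not SSL_aNULL, so a server that omits its certificate is not rejected at this step. Whether a later check catches that case is not visible in these hunks; if nothing outside them depends on the branch, consider deleting it so the message is treated as an unexpected type. Relatedly, `need_cert` is initialised to 1 and its only visible reassignment is removed, so the test at new line 1096 can be written `if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {`. Any remaining `need_cert == 0` paths in the function, whose body continues outside the hunks, are then likely dead and worth removing so no certificate-optional path lingers.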