summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_srvr.c185
1 files changed, 120 insertions, 65 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index e003d88357..90806e2d99 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -57,6 +57,8 @@
57 */ 57 */
58 58
59#define REUSE_CIPHER_BUG 59#define REUSE_CIPHER_BUG
60#define NETSCAPE_HANG_BUG
61
60 62
61#include <stdio.h> 63#include <stdio.h>
62#include <openssl/buffer.h> 64#include <openssl/buffer.h>
@@ -70,13 +72,14 @@
70 72
71static SSL_METHOD *ssl3_get_server_method(int ver); 73static SSL_METHOD *ssl3_get_server_method(int ver);
72static int ssl3_get_client_hello(SSL *s); 74static int ssl3_get_client_hello(SSL *s);
75static int ssl3_check_client_hello(SSL *s);
73static int ssl3_send_server_hello(SSL *s); 76static int ssl3_send_server_hello(SSL *s);
74static int ssl3_send_server_key_exchange(SSL *s); 77static int ssl3_send_server_key_exchange(SSL *s);
75static int ssl3_send_certificate_request(SSL *s); 78static int ssl3_send_certificate_request(SSL *s);
76static int ssl3_send_server_done(SSL *s); 79static int ssl3_send_server_done(SSL *s);
77static int ssl3_get_cert_verify(SSL *s);
78static int ssl3_get_client_key_exchange(SSL *s); 80static int ssl3_get_client_key_exchange(SSL *s);
79static int ssl3_get_client_certificate(SSL *s); 81static int ssl3_get_client_certificate(SSL *s);
82static int ssl3_get_cert_verify(SSL *s);
80static int ssl3_send_hello_request(SSL *s); 83static int ssl3_send_hello_request(SSL *s);
81 84
82static SSL_METHOD *ssl3_get_server_method(int ver) 85static SSL_METHOD *ssl3_get_server_method(int ver)
@@ -112,7 +115,7 @@ int ssl3_accept(SSL *s)
112 int ret= -1; 115 int ret= -1;
113 int new_state,state,skip=0; 116 int new_state,state,skip=0;
114 117
115 RAND_seed(&Time,sizeof(Time)); 118 RAND_add(&Time,sizeof(Time),0);
116 ERR_clear_error(); 119 ERR_clear_error();
117 clear_sys_error(); 120 clear_sys_error();
118 121
@@ -151,7 +154,6 @@ int ssl3_accept(SSL *s)
151 154
152 if ((s->version>>8) != 3) 155 if ((s->version>>8) != 3)
153 abort(); 156 abort();
154 /* s->version=SSL3_VERSION; */
155 s->type=SSL_ST_ACCEPT; 157 s->type=SSL_ST_ACCEPT;
156 158
157 if (s->init_buf == NULL) 159 if (s->init_buf == NULL)
@@ -184,8 +186,8 @@ int ssl3_accept(SSL *s)
184 186
185 if (s->state != SSL_ST_RENEGOTIATE) 187 if (s->state != SSL_ST_RENEGOTIATE)
186 { 188 {
187 s->state=SSL3_ST_SR_CLNT_HELLO_A;
188 ssl3_init_finished_mac(s); 189 ssl3_init_finished_mac(s);
190 s->state=SSL3_ST_SR_CLNT_HELLO_A;
189 s->ctx->stats.sess_accept++; 191 s->ctx->stats.sess_accept++;
190 } 192 }
191 else 193 else
@@ -268,8 +270,8 @@ int ssl3_accept(SSL *s)
268 || (l & (SSL_DH|SSL_kFZA)) 270 || (l & (SSL_DH|SSL_kFZA))
269 || ((l & SSL_kRSA) 271 || ((l & SSL_kRSA)
270 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 272 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
271 || (SSL_IS_EXPORT(l) 273 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
272 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l) 274 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
273 ) 275 )
274 ) 276 )
275 ) 277 )
@@ -287,9 +289,19 @@ int ssl3_accept(SSL *s)
287 289
288 case SSL3_ST_SW_CERT_REQ_A: 290 case SSL3_ST_SW_CERT_REQ_A:
289 case SSL3_ST_SW_CERT_REQ_B: 291 case SSL3_ST_SW_CERT_REQ_B:
290 if (!(s->verify_mode & SSL_VERIFY_PEER) || 292 if (/* don't request cert unless asked for it: */
293 !(s->verify_mode & SSL_VERIFY_PEER) ||
294 /* if SSL_VERIFY_CLIENT_ONCE is set,
295 * don't request cert during re-negotiation: */
291 ((s->session->peer != NULL) && 296 ((s->session->peer != NULL) &&
292 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) 297 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
298 /* never request cert in anonymous ciphersuites
299 * (see section "Certificate request" in SSL 3 drafts
300 * and in RFC 2246): */
301 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
302 /* ... except when the application insists on verification
303 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
304 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
293 { 305 {
294 /* no cert request */ 306 /* no cert request */
295 skip=1; 307 skip=1;
@@ -301,7 +313,12 @@ int ssl3_accept(SSL *s)
301 s->s3->tmp.cert_request=1; 313 s->s3->tmp.cert_request=1;
302 ret=ssl3_send_certificate_request(s); 314 ret=ssl3_send_certificate_request(s);
303 if (ret <= 0) goto end; 315 if (ret <= 0) goto end;
316#ifndef NETSCAPE_HANG_BUG
304 s->state=SSL3_ST_SW_SRVR_DONE_A; 317 s->state=SSL3_ST_SW_SRVR_DONE_A;
318#else
319 s->state=SSL3_ST_SW_FLUSH;
320 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
321#endif
305 s->init_num=0; 322 s->init_num=0;
306 } 323 }
307 break; 324 break;
@@ -331,12 +348,20 @@ int ssl3_accept(SSL *s)
331 348
332 case SSL3_ST_SR_CERT_A: 349 case SSL3_ST_SR_CERT_A:
333 case SSL3_ST_SR_CERT_B: 350 case SSL3_ST_SR_CERT_B:
334 /* could be sent for a DH cert, even if we 351 /* Check for second client hello (MS SGC) */
335 * have not asked for it :-) */ 352 ret = ssl3_check_client_hello(s);
336 ret=ssl3_get_client_certificate(s); 353 if (ret <= 0)
337 if (ret <= 0) goto end; 354 goto end;
338 s->init_num=0; 355 if (ret == 2)
339 s->state=SSL3_ST_SR_KEY_EXCH_A; 356 s->state = SSL3_ST_SR_CLNT_HELLO_C;
357 else {
358 /* could be sent for a DH cert, even if we
359 * have not asked for it :-) */
360 ret=ssl3_get_client_certificate(s);
361 if (ret <= 0) goto end;
362 s->init_num=0;
363 s->state=SSL3_ST_SR_KEY_EXCH_A;
364 }
340 break; 365 break;
341 366
342 case SSL3_ST_SR_KEY_EXCH_A: 367 case SSL3_ST_SR_KEY_EXCH_A:
@@ -350,10 +375,10 @@ int ssl3_accept(SSL *s)
350 * a client cert, it can be verified */ 375 * a client cert, it can be verified */
351 s->method->ssl3_enc->cert_verify_mac(s, 376 s->method->ssl3_enc->cert_verify_mac(s,
352 &(s->s3->finish_dgst1), 377 &(s->s3->finish_dgst1),
353 &(s->s3->tmp.finish_md[0])); 378 &(s->s3->tmp.cert_verify_md[0]));
354 s->method->ssl3_enc->cert_verify_mac(s, 379 s->method->ssl3_enc->cert_verify_mac(s,
355 &(s->s3->finish_dgst2), 380 &(s->s3->finish_dgst2),
356 &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH])); 381 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
357 382
358 break; 383 break;
359 384
@@ -407,8 +432,8 @@ int ssl3_accept(SSL *s)
407 case SSL3_ST_SW_FINISHED_B: 432 case SSL3_ST_SW_FINISHED_B:
408 ret=ssl3_send_finished(s, 433 ret=ssl3_send_finished(s,
409 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, 434 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
410 s->method->ssl3_enc->server_finished, 435 s->method->ssl3_enc->server_finished_label,
411 s->method->ssl3_enc->server_finished_len); 436 s->method->ssl3_enc->server_finished_label_len);
412 if (ret <= 0) goto end; 437 if (ret <= 0) goto end;
413 s->state=SSL3_ST_SW_FLUSH; 438 s->state=SSL3_ST_SW_FLUSH;
414 if (s->hit) 439 if (s->hit)
@@ -485,7 +510,7 @@ static int ssl3_send_hello_request(SSL *s)
485 if (s->state == SSL3_ST_SW_HELLO_REQ_A) 510 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
486 { 511 {
487 p=(unsigned char *)s->init_buf->data; 512 p=(unsigned char *)s->init_buf->data;
488 *(p++)=SSL3_MT_CLIENT_REQUEST; 513 *(p++)=SSL3_MT_HELLO_REQUEST;
489 *(p++)=0; 514 *(p++)=0;
490 *(p++)=0; 515 *(p++)=0;
491 *(p++)=0; 516 *(p++)=0;
@@ -500,6 +525,37 @@ static int ssl3_send_hello_request(SSL *s)
500 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 525 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
501 } 526 }
502 527
528static int ssl3_check_client_hello(SSL *s)
529 {
530 int ok;
531 long n;
532
533 n=ssl3_get_message(s,
534 SSL3_ST_SR_CERT_A,
535 SSL3_ST_SR_CERT_B,
536 -1,
537 SSL3_RT_MAX_PLAIN_LENGTH,
538 &ok);
539 if (!ok) return((int)n);
540 s->s3->tmp.reuse_message = 1;
541 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
542 {
543 /* Throw away what we have done so far in the current handshake,
544 * which will now be aborted. (A full SSL_clear would be too much.)
545 * I hope that tmp.dh is the only thing that may need to be cleared
546 * when a handshake is not completed ... */
547#ifndef NO_DH
548 if (s->s3->tmp.dh != NULL)
549 {
550 DH_free(s->s3->tmp.dh);
551 s->s3->tmp.dh = NULL;
552 }
553#endif
554 return 2;
555 }
556 return 1;
557}
558
503static int ssl3_get_client_hello(SSL *s) 559static int ssl3_get_client_hello(SSL *s)
504 { 560 {
505 int i,j,ok,al,ret= -1; 561 int i,j,ok,al,ret= -1;
@@ -531,10 +587,9 @@ static int ssl3_get_client_hello(SSL *s)
531 if (!ok) return((int)n); 587 if (!ok) return((int)n);
532 d=p=(unsigned char *)s->init_buf->data; 588 d=p=(unsigned char *)s->init_buf->data;
533 589
534 /* The version number has already been checked in ssl3_get_message. 590 /* use version from inside client hello, not from record header
535 * I a native TLSv1/SSLv3 method, the match must be correct except 591 * (may differ: see RFC 2246, Appendix E, second paragraph) */
536 * perhaps for the first message */ 592 s->client_version=(((int)p[0])<<8)|(int)p[1];
537/* s->client_version=(((int)p[0])<<8)|(int)p[1]; */
538 p+=2; 593 p+=2;
539 594
540 /* load the client random */ 595 /* load the client random */
@@ -754,7 +809,7 @@ static int ssl3_get_client_hello(SSL *s)
754 * compression - basically ignored right now 809 * compression - basically ignored right now
755 * ssl version is set - sslv3 810 * ssl version is set - sslv3
756 * s->session - The ssl session has been setup. 811 * s->session - The ssl session has been setup.
757 * s->hit - sesson reuse flag 812 * s->hit - session reuse flag
758 * s->tmp.new_cipher - the new cipher to use. 813 * s->tmp.new_cipher - the new cipher to use.
759 */ 814 */
760 815
@@ -782,7 +837,7 @@ static int ssl3_send_server_hello(SSL *s)
782 p=s->s3->server_random; 837 p=s->s3->server_random;
783 Time=time(NULL); /* Time */ 838 Time=time(NULL); /* Time */
784 l2n(Time,p); 839 l2n(Time,p);
785 RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); 840 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
786 /* Do the message type and length last */ 841 /* Do the message type and length last */
787 d=p= &(buf[4]); 842 d=p= &(buf[4]);
788 843
@@ -866,9 +921,10 @@ static int ssl3_send_server_key_exchange(SSL *s)
866 int j,num; 921 int j,num;
867 RSA *rsa; 922 RSA *rsa;
868 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 923 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
924 unsigned int u;
869#endif 925#endif
870#ifndef NO_DH 926#ifndef NO_DH
871 DH *dh,*dhp; 927 DH *dh=NULL,*dhp;
872#endif 928#endif
873 EVP_PKEY *pkey; 929 EVP_PKEY *pkey;
874 unsigned char *p,*d; 930 unsigned char *p,*d;
@@ -899,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
899 rsa=s->cert->rsa_tmp_cb(s, 955 rsa=s->cert->rsa_tmp_cb(s,
900 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 956 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
901 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 957 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
958 if(rsa == NULL)
959 {
960 al=SSL_AD_HANDSHAKE_FAILURE;
961 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
962 goto f_err;
963 }
902 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 964 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
903 cert->rsa_tmp=rsa; 965 cert->rsa_tmp=rsa;
904 } 966 }
@@ -928,6 +990,14 @@ static int ssl3_send_server_key_exchange(SSL *s)
928 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); 990 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
929 goto f_err; 991 goto f_err;
930 } 992 }
993
994 if (s->s3->tmp.dh != NULL)
995 {
996 DH_free(dh);
997 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_INTERNAL_ERROR);
998 goto err;
999 }
1000
931 if ((dh=DHparams_dup(dhp)) == NULL) 1001 if ((dh=DHparams_dup(dhp)) == NULL)
932 { 1002 {
933 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); 1003 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
@@ -1027,15 +1097,14 @@ static int ssl3_send_server_key_exchange(SSL *s)
1027 q+=i; 1097 q+=i;
1028 j+=i; 1098 j+=i;
1029 } 1099 }
1030 i=RSA_private_encrypt(j,md_buf,&(p[2]), 1100 if (RSA_sign(NID_md5_sha1, md_buf, j,
1031 pkey->pkey.rsa,RSA_PKCS1_PADDING); 1101 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1032 if (i <= 0)
1033 { 1102 {
1034 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); 1103 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1035 goto err; 1104 goto err;
1036 } 1105 }
1037 s2n(i,p); 1106 s2n(u,p);
1038 n+=i+2; 1107 n+=u+2;
1039 } 1108 }
1040 else 1109 else
1041#endif 1110#endif
@@ -1075,7 +1144,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
1075 s->init_off=0; 1144 s->init_off=0;
1076 } 1145 }
1077 1146
1078 /* SSL3_ST_SW_KEY_EXCH_B */ 1147 s->state = SSL3_ST_SW_KEY_EXCH_B;
1079 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1148 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1080f_err: 1149f_err:
1081 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1150 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -1152,6 +1221,17 @@ static int ssl3_send_certificate_request(SSL *s)
1152 1221
1153 s->init_num=n+4; 1222 s->init_num=n+4;
1154 s->init_off=0; 1223 s->init_off=0;
1224#ifdef NETSCAPE_HANG_BUG
1225 p=(unsigned char *)s->init_buf->data + s->init_num;
1226
1227 /* do the header */
1228 *(p++)=SSL3_MT_SERVER_DONE;
1229 *(p++)=0;
1230 *(p++)=0;
1231 *(p++)=0;
1232 s->init_num += 4;
1233#endif
1234
1155 } 1235 }
1156 1236
1157 /* SSL3_ST_SW_CERT_REQ_B */ 1237 /* SSL3_ST_SW_CERT_REQ_B */
@@ -1239,31 +1319,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
1239 1319
1240 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); 1320 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
1241 1321
1242#if 1
1243 /* If a bad decrypt, use a random master key */
1244 if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
1245 ((p[0] != (s->client_version>>8)) ||
1246 (p[1] != (s->client_version & 0xff))))
1247 {
1248 int bad=1;
1249
1250 if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
1251 (p[0] == (s->version>>8)) &&
1252 (p[1] == 0))
1253 {
1254 if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
1255 bad=0;
1256 }
1257 if (bad)
1258 {
1259 p[0]=(s->version>>8);
1260 p[1]=(s->version & 0xff);
1261 RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
1262 i=SSL_MAX_MASTER_KEY_LENGTH;
1263 }
1264 /* else, an SSLeay bug, ssl only server, tls client */
1265 }
1266#else
1267 if (i != SSL_MAX_MASTER_KEY_LENGTH) 1322 if (i != SSL_MAX_MASTER_KEY_LENGTH)
1268 { 1323 {
1269 al=SSL_AD_DECODE_ERROR; 1324 al=SSL_AD_DECODE_ERROR;
@@ -1271,13 +1326,12 @@ static int ssl3_get_client_key_exchange(SSL *s)
1271 goto f_err; 1326 goto f_err;
1272 } 1327 }
1273 1328
1274 if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff))) 1329 if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
1275 { 1330 {
1276 al=SSL_AD_DECODE_ERROR; 1331 al=SSL_AD_DECODE_ERROR;
1277 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); 1332 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
1278 goto f_err; 1333 goto f_err;
1279 } 1334 }
1280#endif
1281 1335
1282 s->session->master_key_length= 1336 s->session->master_key_length=
1283 s->method->ssl3_enc->generate_master_secret(s, 1337 s->method->ssl3_enc->generate_master_secret(s,
@@ -1450,16 +1504,16 @@ static int ssl3_get_cert_verify(SSL *s)
1450#ifndef NO_RSA 1504#ifndef NO_RSA
1451 if (pkey->type == EVP_PKEY_RSA) 1505 if (pkey->type == EVP_PKEY_RSA)
1452 { 1506 {
1453 i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING); 1507 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
1508 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
1509 pkey->pkey.rsa);
1454 if (i < 0) 1510 if (i < 0)
1455 { 1511 {
1456 al=SSL_AD_DECRYPT_ERROR; 1512 al=SSL_AD_DECRYPT_ERROR;
1457 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); 1513 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
1458 goto f_err; 1514 goto f_err;
1459 } 1515 }
1460 if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) || 1516 if (i == 0)
1461 memcmp(&(s->s3->tmp.finish_md[0]),p,
1462 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
1463 { 1517 {
1464 al=SSL_AD_DECRYPT_ERROR; 1518 al=SSL_AD_DECRYPT_ERROR;
1465 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); 1519 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
@@ -1472,7 +1526,7 @@ static int ssl3_get_cert_verify(SSL *s)
1472 if (pkey->type == EVP_PKEY_DSA) 1526 if (pkey->type == EVP_PKEY_DSA)
1473 { 1527 {
1474 j=DSA_verify(pkey->save_type, 1528 j=DSA_verify(pkey->save_type,
1475 &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]), 1529 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
1476 SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); 1530 SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
1477 if (j <= 0) 1531 if (j <= 0)
1478 { 1532 {
@@ -1532,7 +1586,7 @@ static int ssl3_get_client_certificate(SSL *s)
1532 al=SSL_AD_HANDSHAKE_FAILURE; 1586 al=SSL_AD_HANDSHAKE_FAILURE;
1533 goto f_err; 1587 goto f_err;
1534 } 1588 }
1535 /* If tls asked for a client cert we must return a 0 list */ 1589 /* If tls asked for a client cert, the client must return a 0 list */
1536 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) 1590 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
1537 { 1591 {
1538 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); 1592 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
@@ -1628,6 +1682,7 @@ static int ssl3_get_client_certificate(SSL *s)
1628 if (s->session->peer != NULL) /* This should not be needed */ 1682 if (s->session->peer != NULL) /* This should not be needed */
1629 X509_free(s->session->peer); 1683 X509_free(s->session->peer);
1630 s->session->peer=sk_X509_shift(sk); 1684 s->session->peer=sk_X509_shift(sk);
1685 s->session->verify_result = s->verify_result;
1631 1686
1632 /* With the current implementation, sess_cert will always be NULL 1687 /* With the current implementation, sess_cert will always be NULL
1633 * when we arrive here. */ 1688 * when we arrive here. */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 07:53:02 +0000