From 95a901d22cb8e548a73bd42d95b1bdf70996f7f2 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 6 Dec 2016 13:38:11 +0000
Subject: Now that ssl3_send_{client,server}_certificate() are using the common handshake functions, we can remove more copied code from DTLS.
---
 src/lib/libssl/d1_clnt.c | 69 ++-------------------------------------------------------------------
 1 file changed, 2 insertions(+), 67 deletions(-)
(limited to 'src/lib/libssl/d1_clnt.c')
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 07ae92f4c9..42e149f864 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.58 2016/11/04 19:11:43 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.59 2016/12/06 13:38:11 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -384,7 +384,7 @@ dtls1_connect(SSL *s)
 case SSL3_ST_CW_CERT_C:
 case SSL3_ST_CW_CERT_D:
 dtls1_start_timer(s);
- ret = dtls1_send_client_certificate(s);
+ ret = ssl3_send_client_certificate(s);
 if (ret <= 0)
 goto end;
 s->state = SSL3_ST_CW_KEY_EXCH_A;
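Review bot: At the `SSL3_ST_CW_CERT_C`/`SSL3_ST_CW_CERT_D` case in dtls1_connect(), nothing records that the shared `ssl3_send_client_certificate()` now has to cover the DTLS-only steps the deleted function did itself: `dtls1_buffer_message(s, 0)` for retransmits and the final `dtls1_do_write(s, SSL3_RT_HANDSHAKE)`, both visible in the last hunk. The body of the shared function is not part of this patch, so that it does both for DTLS is only inferred from the commit message's mention of the common handshake functions and should be confirmed, ideally with a DTLS client-certificate handshake test that forces a retransmit. Once confirmed, a one-line comment above the call, e.g. `/* common handshake code buffers the message for DTLS retransmit */`, would help the next reader. dtls1_connect() starts and ends outside the hunk.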
@@ -657,68 +657,3 @@ f_err:
 ssl3_send_alert(s, SSL3_AL_FATAL, al);
 return -1;
 }
-
-int
-dtls1_send_client_certificate(SSL *s)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A) {
- if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state = SSL3_ST_CW_CERT_B;
- else
- s->state = SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B) {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i = 0;
- i = ssl_do_client_cert_cb(s, &x509, &pkey);
- if (i < 0) {
- s->rwstate = SSL_X509_LOOKUP;
- return (-1);
- }
- s->rwstate = SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- s->state = SSL3_ST_CW_CERT_B;
- if (!SSL_use_certificate(s, x509) ||
- !SSL_use_PrivateKey(s, pkey))
- i = 0;
- } else if (i == 1) {
- i = 0;
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
- SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- X509_free(x509);
- EVP_PKEY_free(pkey);
- if (i == 0)
- s->s3->tmp.cert_req = 2;
-
- /* Ok, we have a cert */
- s->state = SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C) {
- s->state = SSL3_ST_CW_CERT_D;
- l = dtls1_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
- s->init_num = (int)l;
- s->init_off = 0;
-
- /* set header called by dtls1_output_cert_chain() */
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CERT_D */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
--
cgit v1.2.3-55-g6feb