From b8dda8f19c80fc9ca652b971559629a06b9a17eb Mon Sep 17 00:00:00 2001
From: markus <>
Date: Tue, 30 Sep 2003 21:30:28 +0000
Subject: more fixes from 0.9.7c, ok deraadt, cloder

---
 src/lib/libssl/s3_srvr.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'src/lib/libssl/s3_srvr.c')

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index cd7b88eeb5..57f1d3f52a 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -432,10 +432,11 @@ int ssl3_accept(SSL *s)
 			if (ret == 2)
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
 			else {
-				/* could be sent for a DH cert, even if we
-				 * have not asked for it :-) */
-				ret=ssl3_get_client_certificate(s);
-				if (ret <= 0) goto end;
+				if (s->s3->tmp.cert_request)
+					{
+					ret=ssl3_get_client_certificate(s);
+					if (ret <= 0) goto end;
+					}
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -845,6 +846,9 @@ static int ssl3_get_client_hello(SSL *s)
 		}
 
 	/* TLS does not mind if there is extra stuff */
+#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
 	if (s->version == SSL3_VERSION)
 		{
 		if (p < (d+n))
@@ -856,6 +860,7 @@ static int ssl3_get_client_hello(SSL *s)
 			goto f_err;
 			}
 		}
+#endif
 
 	/* Given s->session->ciphers and SSL_get_ciphers, we must
 	 * pick a cipher */
@@ -1353,6 +1358,7 @@ static int ssl3_send_certificate_request(SSL *s)
 		s->init_num += 4;
 #endif
 
+		s->state = SSL3_ST_SW_CERT_REQ_B;
 		}
 
 	/* SSL3_ST_SW_CERT_REQ_B */
-- 
cgit v1.2.3-55-g6feb