From 9c1aa44a1eacea897c0432e796b205b8484ff4d2 Mon Sep 17 00:00:00 2001 From: markus <> Date: Tue, 11 Nov 2003 21:21:30 +0000 Subject: import 0.9.7c --- src/lib/libssl/s3_clnt.c | 1 + src/lib/libssl/s3_srvr.c | 14 ++++++++++---- src/lib/libssl/ssl_lib.c | 5 +++++ src/lib/libssl/ssl_rsa.c | 4 +++- src/lib/libssl/ssl_sess.c | 4 ++-- 5 files changed, 21 insertions(+), 7 deletions(-) (limited to 'src/lib/libssl') diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index fae8eadada..eb7daebfdf 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -1769,6 +1769,7 @@ static int ssl3_send_client_verify(SSL *s) *(d++)=SSL3_MT_CERTIFICATE_VERIFY; l2n3(n,d); + s->state=SSL3_ST_CW_CERT_VRFY_B; s->init_num=(int)n+4; s->init_off=0; } diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 58cf774967..881f68b998 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c @@ -431,10 +431,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } @@ -844,6 +845,9 @@ static int ssl3_get_client_hello(SSL *s) } /* TLS does not mind if there is extra stuff */ +#if 0 /* SSL 3.0 does not mind either, so we should disable this test + * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, + * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ if (s->version == SSL3_VERSION) { if (p < (d+n)) @@ -855,6 +859,7 @@ static int ssl3_get_client_hello(SSL *s) goto f_err; } } +#endif /* Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ @@ -1352,6 +1357,7 @@ static int ssl3_send_certificate_request(SSL *s) s->init_num += 4; #endif + s->state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ddd8114587..6d69890688 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c @@ -473,6 +473,11 @@ void SSL_free(SSL *s) if (s->method != NULL) s->method->ssl_free(s); +#ifndef OPENSSL_NO_KRB5 + if (s->kssl_ctx != NULL) + kssl_ctx_free(s->kssl_ctx); +#endif /* OPENSSL_NO_KRB5 */ + OPENSSL_free(s); } diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 03828b6632..330390519b 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c @@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) ok=1; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { @@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return(0); } + ERR_clear_error(); /* make sure no error from X509_check_private_key() + * is left if we have chosen to ignore it */ if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index fbc30b94e6..fabcdefa6e 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c @@ -79,11 +79,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; if(sess) sess->references++; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); return(sess); } -- cgit v1.2.3-55-g6feb