From 1f1afc6cbcd63106aed19c1803381ba73c23a55f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 4 Mar 2017 16:15:02 +0000
Subject: Call ssl3_handshake_write() instead of ssl3_do_write() - this was
 missed when ssl3_send_client_certificate() was converted to the standard
 handshake functions in r1.150 of s3_clnt.c.

This has no impact on TLS, however it causes the DTLS client to fail if the
server sends a certificate request, since the TLS MAC is calculated on a
non-populated DTLS header.

Issue reported by umokk on github.
---
 src/lib/libssl/ssl_clnt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 223190c0a0..65939141a2 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.7 2017/03/01 14:01:24 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.8 2017/03/04 16:15:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2539,7 +2539,7 @@ ssl3_send_client_certificate(SSL *s)
 	}
 
 	/* SSL3_ST_CW_CERT_D */
-	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+	return (ssl3_handshake_write(s));
 
  err:
 	CBB_cleanup(&cbb);
-- 
cgit v1.2.3-55-g6feb