

[src/trunk]: src/crypto/dist/openssl/ssl more fixes from 0.9.7c, from openbsd



details:   https://anonhg.NetBSD.org/src/rev/37e8b79afeb7
branches:  trunk
changeset: 552748:37e8b79afeb7
user:      itojun <itojun%NetBSD.org@localhost>
date:      Thu Oct 02 02:26:17 2003 +0000

description:
More fixes from OpenSSL 0.9.7c, taken from OpenBSD.

diffstat:

 crypto/dist/openssl/ssl/s3_clnt.c |   1 +
 crypto/dist/openssl/ssl/s3_srvr.c |  12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diffs (54 lines):

diff -r 554856ebd566 -r 37e8b79afeb7 crypto/dist/openssl/ssl/s3_clnt.c
--- a/crypto/dist/openssl/ssl/s3_clnt.c Thu Oct 02 02:25:05 2003 +0000
+++ b/crypto/dist/openssl/ssl/s3_clnt.c Thu Oct 02 02:26:17 2003 +0000
@@ -1769,6 +1769,7 @@
                *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
                l2n3(n,d);
 
+               s->state=SSL3_ST_CW_CERT_VRFY_B;
                s->init_num=(int)n+4;
                s->init_off=0;
                }
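Review bot: The added `s->state=SSL3_ST_CW_CERT_VRFY_B;` has no comment saying why the state must advance once the message is built, and that reason is the whole fix. Presumably the write that follows can return early on a non-blocking socket and the function is entered again, in which case staying in the _A state would rebuild the message and reset `init_off` instead of resuming the send; I would add `/* message is complete: switch to _B so a retried write resumes sending rather than rebuilding it */` above the assignment. The same applies to `s->state = SSL3_ST_SW_CERT_REQ_B;` in the s3_srvr.c hunk at -1352, which also puts spaces around `=` where the surrounding code writes `s->state=`. The enclosing function starts and ends outside this hunk.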
diff -r 554856ebd566 -r 37e8b79afeb7 crypto/dist/openssl/ssl/s3_srvr.c
--- a/crypto/dist/openssl/ssl/s3_srvr.c Thu Oct 02 02:25:05 2003 +0000
+++ b/crypto/dist/openssl/ssl/s3_srvr.c Thu Oct 02 02:26:17 2003 +0000
@@ -433,8 +433,11 @@
                        else {
                                /* could be sent for a DH cert, even if we
                                 * have not asked for it :-) */
-                               ret=ssl3_get_client_certificate(s);
-                               if (ret <= 0) goto end;
+                                if (s->s3->tmp.cert_request)
+                                       {
+                                       ret=ssl3_get_client_certificate(s);
+                                       if (ret <= 0) goto end;
+                                       }
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
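Review bot: The comment kept above the new guard ("could be sent for a DH cert, even if we have not asked for it") now contradicts the code, because `ssl3_get_client_certificate()` is only called when `s->s3->tmp.cert_request` is set. I would replace it with `/* read a client Certificate only if we sent a CertificateRequest; an unsolicited one is not parsed here */`. From these lines an unsolicited Certificate message appears to fall through to `SSL3_ST_SR_KEY_EXCH_A`; whether that state rejects it as an unexpected message should be confirmed and covered by a regression test, since that rejection is what the guard relies on. The added `if` line also appears to be indented differently from the lines it replaces, and the enclosing function starts and ends outside this hunk.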
@@ -844,6 +847,9 @@
                }
 
        /* TLS does not mind if there is extra stuff */
+#if 0  /* SSL 3.0 does not mind either, so we should disable this test
+        * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+        * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
        if (s->version == SSL3_VERSION)
                {
                if (p < (d+n))
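Review bot: Disabling the SSL 3.0 trailing-data check with `#if 0` leaves dead code whose closing `#endif` sits in the next hunk (-855) with no label, so a reader who sees only one end cannot tell what is switched off. I would label it `#endif /* 0: SSL 3.0 extra-data check */`, or delete the block outright and keep the explanation as an ordinary comment. With the check off, any bytes between `p` and `d+n` are silently ignored for every protocol version; the comment should say so explicitly so that later code does not assume the message was fully consumed. The enclosing function starts and ends outside this hunk.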
@@ -855,6 +861,7 @@
                        goto f_err;
                        }
                }
+#endif
 
        /* Given s->session->ciphers and SSL_get_ciphers, we must
         * pick a cipher */
@@ -1352,6 +1359,7 @@
                s->init_num += 4;
 #endif
 
+               s->state = SSL3_ST_SW_CERT_REQ_B;
                }
 
        /* SSL3_ST_SW_CERT_REQ_B */


