author | Doug Hogan <doug@cvs.openbsd.org> | 2015-06-18 22:30:48 +0000 |
---|---|---|
committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-06-18 22:30:48 +0000 |
commit | e5e56cf2cf8d060db486e643a5461ea75d4c1486 (patch) | |
tree | a8699985e9ebf687b19005bfed9104064c67ccd9 | |
parent | 25d256dd4ca88249987cd430940c69de0c7d38bf (diff) |
Change DTLS client cert request code to match TLS.
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
-rw-r--r-- | lib/libssl/d1_srvr.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 42af17e96e7..f3972ae9d07 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -476,11 +476,11 @@ dtls1_accept(SSL *s)
 dtls1_stop_timer(s);
 s->state = SSL3_ST_SR_CLNT_HELLO_C;
 } else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret = ssl3_get_client_certificate(s);
- if (ret <= 0)
- goto end;
+ if (s->s3->tmp.cert_request) {
+ ret = ssl3_get_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ }
 s->init_num = 0;
 s->state = SSL3_ST_SR_KEY_EXCH_A;
 } |
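Review bot: The new `if (s->s3->tmp.cert_request)` guard in the else branch of the second hunk carries no comment, while the comment it replaces documented the opposite behaviour, so a reader cannot tell that skipping `ssl3_get_client_certificate()` is a deliberate hardening decision. I would add above the guard `/* Only read a client Certificate if we sent a CertificateRequest. */`. Because the branch now falls straight through to `SSL3_ST_SR_KEY_EXCH_A`, it is worth confirming two things that are not visible here: that `cert_request` is reset for every handshake, renegotiation included, and that an unsolicited Certificate message is then rejected as unexpected by the key-exchange read rather than silently consumed. The enclosing dtls1_accept() starts and ends outside the hunk.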