author | 2015-06-18 22:30:47 +0000 | |
---|---|---|
committer | 2015-06-18 22:30:47 +0000 | |
commit | ba065f75ce522a82347c0e55adab232d6265d6ea (patch) | |
tree | 7ab837a902b42d9c767cf4bc543c0c3dcfbeb75c /lib/libssl/src/ssl/d1_srvr.c | |
parent | I'm afraid it will be a sunday. (diff) | |
Change DTLS client cert request code to match TLS.
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
Diffstat (limited to 'lib/libssl/src/ssl/d1_srvr.c')
-rw-r--r-- | lib/libssl/src/ssl/d1_srvr.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index 42af17e96e7..f3972ae9d07 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -476,11 +476,11 @@ dtls1_accept(SSL *s)
 dtls1_stop_timer(s);
 s->state = SSL3_ST_SR_CLNT_HELLO_C;
 } else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret = ssl3_get_client_certificate(s);
- if (ret <= 0)
- goto end;
+ if (s->s3->tmp.cert_request) {
+ ret = ssl3_get_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ }
 s->init_num = 0;
 s->state = SSL3_ST_SR_KEY_EXCH_A;
 } |
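Review bot: The new `if (s->s3->tmp.cert_request)` guard in dtls1_accept() carries no comment, and the removed comment was the only explanation of why a Certificate message might arrive here unrequested. A short comment above the guard would record the intent, for example `/* Only read a client Certificate if we sent a CertificateRequest; an unsolicited one is not parsed here. */`. How an unsolicited Certificate is then handled depends on the SSL3_ST_SR_KEY_EXCH_A state and on where cert_request is set and cleared, both outside this hunk, so it is worth confirming the flag is reset for every handshake on the DTLS path. dtls1_accept() starts and ends outside the hunk.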