diff options
| author |   jsing <jsing@openbsd.org> | 2017-03-04 16:15:02 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-03-04 16:15:02 +0000 |
| commit | 1176611221ce303b98eaf1d079b4bd0b5fc76d6d (patch) | |
| tree | d85a1d8747a9edc4643581ecab6e1989e4a9acba /lib/libssl/ssl_clnt.c | |
| parent | 6.2 key for the future (diff) | |
| download | wireguard-openbsd-1176611221ce303b98eaf1d079b4bd0b5fc76d6d.tar.xz wireguard-openbsd-1176611221ce303b98eaf1d079b4bd0b5fc76d6d.zip | |
Call ssl3_handshake_write() instead of ssl3_do_write() - this was missed
when ssl3_send_client_certificate() was converted to the standard handshake
functions in r1.150 of s3_clnt.c.
This has no impact on TLS, however it causes the DTLS client to fail if the
server sends a certificate request, since the TLS MAC is calculated on a
non-populated DTLS header.
Issue reported by umokk on github.
Diffstat (limited to 'lib/libssl/ssl_clnt.c')
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 223190c0a03..65939141a27 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.7 2017/03/01 14:01:24 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.8 2017/03/04 16:15:02 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2539,7 +2539,7 @@ ssl3_send_client_certificate(SSL *s) } /* SSL3_ST_CW_CERT_D */ - return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); err: CBB_cleanup(&cbb); |