[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed May 6 23:41:43 UTC 2015
The branch master has been updated
via dab18ab596acb35eff2545643e25757e4f9cd777 (commit)
from 45ebd7312874548904f3e438b39704d0134c7a1b (commit)
- Log -----------------------------------------------------------------
commit dab18ab596acb35eff2545643e25757e4f9cd777
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu May 7 00:04:48 2015 +0100
Digest cached records if not sending a certificate.
If server requests a certificate, but the client doesn't send one, cache
digested records. This is an optimisation and ensures the correct finished
mac is used when extended master secret is used with client authentication.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ea4503f..86b7994 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3348,6 +3348,11 @@ int ssl3_send_client_certificate(SSL *s)
return (1);
} else {
s->s3->tmp.cert_req = 2;
+ if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
+ return 0;
+ }
}
}
More information about the openssl-commits
mailing list