[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-108-gc8667a2

Matt Caswell matt at openssl.org
Tue Dec 16 15:04:44 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_2-stable has been updated
       via  c8667a2e462c3e9e2c4fe1dc170b9b157d9ba938 (commit)
       via  5ee441162e3a5a236429f43d5c352beb5eb29cc3 (commit)
      from  63ef0db60f7b9fc0c2bcabdc7e2bd133784ddd60 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c8667a2e462c3e9e2c4fe1dc170b9b157d9ba938
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Mar 18 14:19:22 2014 +0000

    Check return value of ssl3_output_cert_chain
    
    (cherry picked from commit 66f96fe2d519147097c118d4bf60704c69ed0635)
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

commit 5ee441162e3a5a236429f43d5c352beb5eb29cc3
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 3 10:33:08 2014 +0000

    The dtls1_output_cert_chain function no longer exists so remove it from
    ssl_locl.h
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_clnt.c  |    9 +++++++--
 ssl/s3_srvr.c  |    6 +++++-
 ssl/ssl_locl.h |    1 -
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b16b3c4..2b9fdb0 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3470,8 +3470,13 @@ int ssl3_send_client_certificate(SSL *s)
 	if (s->state == SSL3_ST_CW_CERT_C)
 		{
 		s->state=SSL3_ST_CW_CERT_D;
-		ssl3_output_cert_chain(s,
-			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key);
+		if (!ssl3_output_cert_chain(s,
+			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key))
+			{
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+			return 0;
+			}
 		}
 	/* SSL3_ST_CW_CERT_D */
 	return ssl_do_write(s);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a4342ba..83d110f 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3450,7 +3450,11 @@ int ssl3_send_server_certificate(SSL *s)
 				}
 			}
 
-		ssl3_output_cert_chain(s,cpk);
+		if (!ssl3_output_cert_chain(s,cpk))
+			{
+			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+			return(0);
+			}
 		s->state=SSL3_ST_SW_CERT_B;
 		}
 
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7bc839c..6b53f24 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1180,7 +1180,6 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
 
 int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
 int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk);
 int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
 int dtls1_retransmit_message(SSL *s, unsigned short seq, 


hooks/post-receive
-- 
OpenSSL source code


More information about the openssl-commits mailing list