projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix error when server does not send CertificateStatus message
[openssl.git]
/
ssl
/
t1_lib.c
diff --git
a/ssl/t1_lib.c
b/ssl/t1_lib.c
index 3176d1e3babaeb6b97ca3d1a927df9ca1747d2e3..24713194e8b214945e8733cb2e0c2274d3e8f4f4 100644
(file)
--- a/
ssl/t1_lib.c
+++ b/
ssl/t1_lib.c
@@
-3157,6
+3157,9
@@
int ssl_check_serverhello_tlsext(SSL *s)
}
# endif
}
# endif
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = NULL;
+ s->tlsext_ocsp_resplen = -1;
/*
* If we've requested certificate status and we wont get one tell the
* callback
/*
* If we've requested certificate status and we wont get one tell the
* callback
@@
-3165,14
+3168,9
@@
int ssl_check_serverhello_tlsext(SSL *s)
&& s->ctx && s->ctx->tlsext_status_cb) {
int r;
/*
&& s->ctx && s->ctx->tlsext_status_cb) {
int r;
/*
- *
Set resp to NULL, resplen to -1 so callback knows there is no
- *
response.
+ *
Call callback with resp == NULL and resplen == -1 so callback
+ *
knows there is no response
*/
*/
- if (s->tlsext_ocsp_resp) {
- OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = NULL;
- }
- s->tlsext_ocsp_resplen = -1;
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
if (r == 0) {
al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
if (r == 0) {
al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
@@
-3583,7
+3581,7
@@
static int tls12_get_pkey_idx(unsigned char sig_alg)
static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
int *psignhash_nid, const unsigned char *data)
{
static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
int *psignhash_nid, const unsigned char *data)
{
- int sign_nid =
0, hash_nid = 0
;
+ int sign_nid =
NID_undef, hash_nid = NID_undef
;
if (!phash_nid && !psign_nid && !psignhash_nid)
return;
if (phash_nid || psignhash_nid) {
if (!phash_nid && !psign_nid && !psignhash_nid)
return;
if (phash_nid || psignhash_nid) {
@@
-3599,9
+3597,9
@@
static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
*psign_nid = sign_nid;
}
if (psignhash_nid) {
*psign_nid = sign_nid;
}
if (psignhash_nid) {
- if (sign_nid
&& hash_nid)
- OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid);
- else
+ if (sign_nid
== NID_undef || hash_nid == NID_undef
+ || OBJ_find_sigid_by_algs(psignhash_nid, hash_nid,
+ sign_nid) <= 0)
*psignhash_nid = NID_undef;
}
}
*psignhash_nid = NID_undef;
}
}