Fix DTLS certificate requesting code.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 15 Jul 2014 17:21:59 +0000 (18:21 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 15 Jul 2014 17:23:44 +0000 (18:23 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 17:21:59 +0000 (18:21 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 15 Jul 2014 17:23:44 +0000 (18:23 +0100)
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index ef9c347edd43f2bc364b937accd77f4d42b7333d..4b8ba3e452f36cd0b64b0a1da425ca18de182659 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -598,10 +598,11 @@ int dtls1_accept(SSL *s)
                                 s->state = SSL3_ST_SR_CLNT_HELLO_C;
                                 }
                         else {
-                               /* could be sent for a DH cert, even if we
-                                * have not asked for it :-) */
-                               ret=ssl3_get_client_certificate(s);
-                               if (ret <= 0) goto end;
+                               if (s->s3->tmp.cert_request)
+                                       {
+                                       ret=ssl3_get_client_certificate(s);
+                                       if (ret <= 0) goto end;
+                                       }
                                 s->init_num=0;
                                 s->state=SSL3_ST_SR_KEY_EXCH_A;
                         }
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 15 Jul 2014 17:21:59 +0000 (18:21 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 15 Jul 2014 17:23:44 +0000 (18:23 +0100)