Fix SSL handshake functions and SSL_clear() such that SSL_clear()

author Bodo Möller <bodo@openssl.org>

Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)

committer Bodo Möller <bodo@openssl.org>

Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
author Bodo Möller <bodo@openssl.org>
Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
committer Bodo Möller <bodo@openssl.org>
Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
diff --git a/CHANGES b/CHANGES

index fbb5d58c2999c920bf43827170b15f85acf14248..4ff8e00b4475ef9b576c61f4c8d99ca823c676ff 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,11 @@
           *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
           +) applies to 0.9.7 only
  
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
    +) Test for certificates which contain unsupported critical extensions.
       If such a certificate is found during a verify operation it is 
       rejected by default: this behaviour can be overridden by either
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c

index 1eafb4b446358939396f1e6a9c84845573690f89..dd2562af15546e88d31117a5cabf36e004e2fe7c 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -113,8 +113,8 @@ int ssl23_connect(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c

index 8c41e1ff01f822160020ccb86e892a1143807d97..fe8bd33ce742f9a269ab5919409da03b248b6e53 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -165,8 +165,8 @@ int ssl23_accept(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c

index 85b97b61de1ba20a29b581b8d0a666653196fef9..8cb7388ef957180c78eac513245bff5649d16de4 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -118,8 +118,8 @@ int ssl2_connect(SSL *s)
                 cb=s->ctx->info_callback;
  
         /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  
         for (;;)
                 {
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c

index f4f11103b6b855aa4011a3595658118f54d636ac..f849e2b32a5b68f0d0b00e6526676a873793e6fb 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -119,8 +119,8 @@ int ssl2_accept(SSL *s)
                 cb=s->ctx->info_callback;
  
         /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  
         if (s->cert == NULL)
                 {
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 734659d7ecde385efc31b56733aa65c2e05c69d5..52dda37f6d63d0c95af402ff9e57a5a52755dba2 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -119,8 +119,8 @@ int ssl3_connect(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 9cea6e31a2ebefdc1e7b3e7f0ec1b79bc4aae41c..8c5b6e8c9cb658343bb6c90b6dbc7bfbd332d441 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -180,8 +180,8 @@ int ssl3_accept(SSL *s)
                 cb=s->ctx->info_callback;
  
         /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  
         if (s->cert == NULL)
                 {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 7257daa8ffde6cc96bcb536be83ce93dbb51c077..72821a1fce6a138067eaed4e48b8a020cb33dfd4 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -193,7 +193,7 @@ int SSL_clear(SSL *s)
  #if 1
         /* Check to see if we were changed into a different method, if
          * so, revert back if we are not doing session-id reuse. */
-       if ((s->session == NULL) && (s->method != s->ctx->method))
+       if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
                 {
                 s->method->ssl_free(s);
                 s->method=s->ctx->method;
author	Bodo Möller <bodo@openssl.org>
	Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
CHANGES		patch \| blob \| history
ssl/s23_clnt.c		patch \| blob \| history
ssl/s23_srvr.c		patch \| blob \| history
ssl/s2_clnt.c		patch \| blob \| history
ssl/s2_srvr.c		patch \| blob \| history
ssl/s3_clnt.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history