/* init things to blank */
s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s)) {
+ if (!SSL_clear(s))
+ return -1;
+ }
s->d1->listen = listen;
#ifndef OPENSSL_NO_SCTP
s->in_handshake, NULL);
#endif
- if (s->cert == NULL) {
- SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
- return (-1);
- }
#ifndef OPENSSL_NO_HEARTBEATS
/*
* If we're awaiting a HeartbeatResponse, pretend we already got and
* listening
*/
if (listen) {
- memcpy(s->s3->write_sequence, s->s3->read_sequence,
- sizeof(s->s3->write_sequence));
+ DTLS_RECORD_LAYER_resync_write(&s->rlayer);
}
/* If we're just listening, stop here */
#ifndef OPENSSL_NO_PSK
|| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
- || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd))
+ || (alg_k & SSL_kDHE)
|| (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->
- pkeys
+ && EVP_PKEY_size(s->cert->pkeys
[SSL_PKEY_RSA_ENC].privatekey) *
8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
)
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
-#ifndef NETSCAPE_HANG_BUG
s->state = SSL3_ST_SW_SRVR_DONE_A;
# ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
# endif
-#else
- s->state = SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-# ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = s->s3->tmp.next_state;
- s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-# endif
-#endif
s->init_num = 0;
}
break;
s->init_num = 0;
if (!s->session->peer)
break;
- /*
- * For sigalgs freeze the handshake buffer at this point and
- * digest cached records.
- */
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
return -1;
}
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
+ /*
+ * For sigalgs freeze the handshake buffer. If we support
+ * extms we've done this already.
+ */
+ if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
+ s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+ if (!ssl3_digest_cached_records(s))
+ return -1;
+ }
} else {
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
/* clean a few things up */
ssl3_cleanup_key_block(s);
-#if 0
- BUF_MEM_free(s->init_buf);
- s->init_buf = NULL;
-#endif
-
/* remove buffering on output */
ssl_free_wbio_buffer(s);