'typo'

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 44b698cc5f021af147156a85386d309d7f144847..41769febab79f5bfe70d92b46b1f777c1a0ca654 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -981,7 +981,9 @@ int ssl3_get_server_certificate(SSL *s)
 
        if (!ok) return((int)n);
 
-       if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+       if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+               ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 
+               (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
                {
                s->s3->tmp.reuse_message=1;
                return(1);
@@ -2668,9 +2670,7 @@ int ssl3_send_client_verify(SSL *s)
        unsigned u=0;
 #endif
        unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
        int j;
-#endif
 
        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
                {
@@ -2870,13 +2870,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        DH *dh;
 #endif
 
-       sc=s->session->sess_cert;
-       if (sc == NULL)
-               {
-               SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
-               goto err;
-               }
-
        alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
        alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 
@@ -2884,6 +2877,13 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
                return(1);
 
+       sc=s->session->sess_cert;
+       if (sc == NULL)
+               {
+               SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+               goto err;
+               }
+
 #ifndef OPENSSL_NO_RSA
        rsa=s->session->sess_cert->peer_rsa_tmp;
 #endif