'typo'

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index af30d1af14630161ef44023b973e1883a990cbbb..41769febab79f5bfe70d92b46b1f777c1a0ca654 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -184,7 +184,6 @@ int ssl3_connect(SSL *s)
        {
        BUF_MEM *buf=NULL;
        unsigned long Time=(unsigned long)time(NULL);
-       long num1;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;
@@ -520,16 +519,13 @@ int ssl3_connect(SSL *s)
                        break;
 
                case SSL3_ST_CW_FLUSH:
-                       /* number of bytes to be flushed */
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 > 0)
+                       s->rwstate=SSL_WRITING;
+                       if (BIO_flush(s->wbio) <= 0)
                                {
-                               s->rwstate=SSL_WRITING;
-                               num1=BIO_flush(s->wbio);
-                               if (num1 <= 0) { ret= -1; goto end; }
-                               s->rwstate=SSL_NOTHING;
+                               ret= -1;
+                               goto end;
                                }
-
+                       s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
 
@@ -902,7 +898,7 @@ int ssl3_get_server_hello(SSL *s)
                }
 #else
        j= *(p++);
-       if (s->hit && j != (int)s->session->compress_meth)
+       if (s->hit && j != s->session->compress_meth)
                {
                al=SSL_AD_ILLEGAL_PARAMETER;
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
@@ -985,7 +981,9 @@ int ssl3_get_server_certificate(SSL *s)
 
        if (!ok) return((int)n);
 
-       if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+       if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+               ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 
+               (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
                {
                s->s3->tmp.reuse_message=1;
                return(1);
@@ -2672,9 +2670,7 @@ int ssl3_send_client_verify(SSL *s)
        unsigned u=0;
 #endif
        unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
        int j;
-#endif
 
        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
                {
@@ -2874,13 +2870,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        DH *dh;
 #endif
 
-       sc=s->session->sess_cert;
-       if (sc == NULL)
-               {
-               SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
-               goto err;
-               }
-
        alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
        alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 
@@ -2888,6 +2877,13 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
                return(1);
 
+       sc=s->session->sess_cert;
+       if (sc == NULL)
+               {
+               SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+               goto err;
+               }
+
 #ifndef OPENSSL_NO_RSA
        rsa=s->session->sess_cert->peer_rsa_tmp;
 #endif