Fix SSL_VERIFY_CLIENT_ONCE
[openssl.git] / ssl / statem / statem_srvr.c
index e2d0836b5a1b1d17d0464c6ebc7da537a5aeec35..65eeaffe9a50e4c90d3dc26287697f4a35154413 100644 (file)
@@ -353,7 +353,7 @@ static int send_certificate_request(SSL *s)
             * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
             * during re-negotiation:
             */
-           && ((s->session->peer == NULL) ||
+           && (s->s3->tmp.finish_md_len == 0 ||
                !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
            /*
             * never request cert in anonymous ciphersuites (see