X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fd1_srvr.c;h=059385c310920e8566dce3245788a239837f719a;hp=0cdc51be23e63047fea2ebc5815ccef0e31c0c38;hb=fb76ad8d43e37b399f22932c8ccc85578fcdf7b5;hpb=24097938ad19acaaac00f4e8549bfe1a976d662d diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0cdc51be23..059385c310 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -472,24 +472,15 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK @@ -610,24 +601,13 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - /* Check for second client hello (MS SGC) */ - ret = ssl3_check_client_hello(s); - if (ret <= 0) - goto end; - if (ret == 2) + if (s->s3->tmp.cert_request) { - dtls1_stop_timer(s); - s->state = SSL3_ST_SR_CLNT_HELLO_C; + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; } - else { - if (s->s3->tmp.cert_request) - { - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; - } - s->init_num=0; - s->state=SSL3_ST_SR_KEY_EXCH_A; - } + s->init_num=0; + s->state=SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: