From 0a5942093e06f60f0fa683505ee3693a4fdea070 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 15 Nov 2002 09:15:55 +0000 Subject: [PATCH] We need to read one more byte of the REQUEST-CERTIFICATE message. PR: 300 --- CHANGES | 4 ++++ ssl/s2_clnt.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 09509abd4b..cf1bc8d785 100644 --- a/CHANGES +++ b/CHANGES @@ -2082,6 +2082,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total + length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. + [Zeev Lieber ] + *) Change the default configuration reader to deal with last line not being properly terminated. [Richard Levitte] diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 681bfad8f7..da783230a5 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -770,8 +770,8 @@ static int client_certificate(SSL *s) if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) { i=ssl2_read(s,(char *)&(buf[s->init_num]), - SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); - if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) + SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num); + if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num)) return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); s->init_num += i; if (s->msg_callback) -- 2.34.1