typo
diff --git
a/ssl/s3_srvr.c
b/ssl/s3_srvr.c
index 2f23f2121bd98ff8878d9d6c8738602ba58837c0..75abebb22f4ea64c0a8e90a765d05f2c46b269fd 100644
(file)
--- a/
ssl/s3_srvr.c
+++ b/
ssl/s3_srvr.c
@@
-1432,6
+1432,16
@@
int ssl3_get_client_hello(SSL *s)
* s->tmp.new_cipher - the new cipher to use.
*/
* s->tmp.new_cipher - the new cipher to use.
*/
+ /* Handles TLS extensions that we couldn't check earlier */
+ if (s->version >= SSL3_VERSION)
+ {
+ if (ssl_check_clienthello_tlsext_late(s) <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+ }
+
if (ret < 0) ret=1;
if (0)
{
if (ret < 0) ret=1;
if (0)
{
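Review bot: The new failure branch jumps to `err` without assigning `ret` or choosing an alert, so whether a failed `ssl_check_clienthello_tlsext_late()` is reported as a handshake failure depends on state set outside this hunk. The context line `if (ret < 0) ret=1;` implies `ret` is normally still negative at this point, but if any earlier path in ssl3_get_client_hello() has stored a non-negative value, the rejection would be returned to the caller as success. Writing `ret = -1;` immediately before `goto err;` makes the branch fail closed regardless of what ran earlier. If the callee is expected to send the alert itself, a comment such as `/* callee has already sent any alert; do not go through f_err */` would document that. That contract is inferred, since the labels and the callee body are not visible here.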
@@
-1704,8
+1714,8
@@
int ssl3_send_server_key_exchange(SSL *s)
ecdhp=cert->ecdh_tmp;
if (s->cert->ecdh_tmp_auto)
{
ecdhp=cert->ecdh_tmp;
if (s->cert->ecdh_tmp_auto)
{
- /* Get NID of
first
shared curve */
- int nid = tls1_shared_curve(s,
0
);
+ /* Get NID of
appropriate
shared curve */
+ int nid = tls1_shared_curve(s,
-2
);
if (nid != NID_undef)
ecdhp = EC_KEY_new_by_curve_name(nid);
}
if (nid != NID_undef)
ecdhp = EC_KEY_new_by_curve_name(nid);
}
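Review bot: The literal `-2` now passed to `tls1_shared_curve()` reads as a mode selector rather than a curve index, and the updated comment ("appropriate shared curve") does not say what it selects or why index 0 was wrong. A comment along the lines of `/* -2: let tls1_shared_curve() pick the curve for the temporary ECDH key, not the nth shared one */` would make the negotiation policy auditable; confirm the wording against the callee's contract, which is outside this hunk. Separately, when the result is `NID_undef`, `ecdhp` silently keeps `cert->ecdh_tmp`, and the return value of `EC_KEY_new_by_curve_name()` is not checked in the visible lines. The enclosing block continues past the hunk, so verify that a NULL key is rejected there.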
@@
-3338,7
+3348,7
@@
int ssl3_get_client_certificate(SSL *s)
if (i <= 0)
{
al=ssl_verify_alarm_type(s->verify_result);
if (i <= 0)
{
al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_
NO_CERTIFICATE_RETURN
ED);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_
CERTIFICATE_VERIFY_FAIL
ED);
goto f_err;
}
}
goto f_err;
}
}
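Review bot: With the reason code corrected to `SSL_R_CERTIFICATE_VERIFY_FAILED`, the error queue still does not record why verification failed, even though `s->verify_result` is read on the line above. Appending it right after the `SSLerr()` call, e.g. `ERR_add_error_data(2, "verify error:", X509_verify_cert_error_string(s->verify_result));`, would let server logs distinguish an expired client certificate from an untrusted issuer. The `i <= 0` test also covers a negative return, which presumably signals an internal error rather than a rejected chain, and both cases now get the same reason code. The assignment to `i` is outside the hunk, so this should be checked against the call that produces it.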