Add ctrls to set and get RFC4507bis keys to enable several contexts to

[openssl.git] / ssl / s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 89f3f7d753c61e43e747e3300583a2894cdefdd0..7b3b7d8eac2aab4d58a2f9b6635be53af95b05df 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
                CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
                }
 
-       if (s->session->peer != s->session->sess_cert->peer_key->x509)
+       if (s->session->sess_cert == NULL 
+      || s->session->peer != s->session->sess_cert->peer_key->x509)
                /* can't happen */
                {
                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
@@ -620,7 +621,7 @@ static int client_master_key(SSL *s)
        if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
                {
 
-               if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+               if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
                        {
                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                        SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -862,8 +863,10 @@ static int client_certificate(SSL *s)
                EVP_SignUpdate(&ctx,s->s2->key_material,
                               s->s2->key_material_length);
                EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-               n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
-               EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+               i=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
+               /* Don't update the signature if it fails - FIXME: probably should handle this better */
+               if(i > 0)
+                       EVP_SignUpdate(&ctx,buf,(unsigned int)i);
 
                p=buf;
                d=p+6;