Only set current certificate to valid values.

[openssl.git] / ssl / d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index d3afec993db3a7a59eff53556682c1c4d962b943..7816bbb503483c04a505d1afc2e0a4da3e01ead7 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -491,8 +491,8 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                           || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                           || (alg_k & SSL_kEECDH)
+                           || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
+                           || (alg_k & SSL_kECDHE)
                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
@@ -758,10 +758,13 @@ int dtls1_accept(SSL *s)
                        if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-                       /* Change to new shared key of SCTP-Auth,
-                        * will be ignored if no SCTP used.
-                        */
-                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                       if (!s->hit)
+                               {
+                               /* Change to new shared key of SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                               }
 #endif
 
                        s->state=SSL3_ST_SW_FINISHED_A;
@@ -786,7 +789,16 @@ int dtls1_accept(SSL *s)
                        if (ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;
                        if (s->hit)
+                               {
                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                               /* Change to new shared key of SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+                               }
                        else
                                {
                                s->s3->tmp.next_state=SSL_ST_OK;