Set security level to zero is ssltest

[openssl.git] / ssl / s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 76b690ea1340f04bad5c9eeb25e3cc9dc43ed9cb..3621cf9facc95309181807cafb40c30cce51ffa0 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -623,7 +623,7 @@ static int client_master_key(SSL *s)
        if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
                {
 
-               if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
+               if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))
                        {
                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                        SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -939,7 +939,7 @@ static int get_server_verify(SSL *s)
                s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
        p += 1;
 
-       if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+       if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
                {
                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
@@ -1056,6 +1056,12 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
        ERR_clear_error(); /* but we keep s->verify_result */
        s->session->verify_result = s->verify_result;
 
+       if (i > 1)
+               {
+               SSLerr(SSL_F_SSL2_SET_CERTIFICATE, i);
+               goto err;
+               }
+
        /* server's cert for this session */
        sc=ssl_sess_cert_new();
        if (sc == NULL)