Initial GOST MAC support. Not fully working yet...

[openssl.git] / ssl / s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 0c9e24d5c47f3f17ac4c7cf0779e393d935e5d0c..6d8883fbbd031702a331b08430a53cd1a177bf8c 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -117,7 +117,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 
-static SSL_METHOD *ssl2_get_client_method(int ver);
+static const SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
 static int get_server_verify(SSL *s);
 static int get_server_hello(SSL *s);
@@ -129,7 +129,7 @@ static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
        unsigned char *to,int padding);
 #define BREAK  break
 
-static SSL_METHOD *ssl2_get_client_method(int ver)
+static const SSL_METHOD *ssl2_get_client_method(int ver)
        {
        if (ver == SSL2_VERSION)
                return(SSLv2_client_method());
@@ -144,7 +144,7 @@ IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
 
 int ssl2_connect(SSL *s)
        {
-       unsigned long l=time(NULL);
+       unsigned long l=(unsigned long)time(NULL);
        BUF_MEM *buf=NULL;
        int ret= -1;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
                CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
                }
 
-       if (s->session->peer != s->session->sess_cert->peer_key->x509)
+       if (s->session->sess_cert == NULL 
+      || s->session->peer != s->session->sess_cert->peer_key->x509)
                /* can't happen */
                {
                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
@@ -862,8 +863,10 @@ static int client_certificate(SSL *s)
                EVP_SignUpdate(&ctx,s->s2->key_material,
                               s->s2->key_material_length);
                EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-               n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
-               EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+               i=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
+               /* Don't update the signature if it fails - FIXME: probably should handle this better */
+               if(i > 0)
+                       EVP_SignUpdate(&ctx,buf,(unsigned int)i);
 
                p=buf;
                d=p+6;