Process signature algorithms before deciding on certificate.

[openssl.git] / ssl / s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 299389addc05183301dd7225d017b573ae036161..fbbd529c0bf61f967082474351bc225febdfbcd2 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -417,12 +417,11 @@ static int get_server_hello(SSL *s)
                }
        else
                {
-#ifdef undef
+#if 0
                /* very bad */
                memset(s->session->session_id,0,
                        SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
                s->session->session_id_length=0;
-               */
 #endif
 
                /* we need to do this in case we were trying to reuse a 
@@ -1056,6 +1055,12 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
        ERR_clear_error(); /* but we keep s->verify_result */
        s->session->verify_result = s->verify_result;
 
+       if (i > 1)
+               {
+               SSLerr(SSL_F_SSL2_SET_CERTIFICATE, i);
+               goto err;
+               }
+
        /* server's cert for this session */
        sc=ssl_sess_cert_new();
        if (sc == NULL)