SSL_R_PEER_ERROR);
return(-1);
}
-#ifdef __APPLE_CC__
- /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
- * workaround. <appro@fy.chalmers.se> */
- s->hit=(i=*(p++))?1:0;
-#else
+#if 0
s->hit=(*(p++))?1:0;
+ /* Some [PPC?] compilers fail to increment p in above
+ statement, e.g. one provided with Rhapsody 5.5, but
+ most recent example XL C 11.1 for AIX, even without
+ optimization flag... */
+#else
+ s->hit=(*p)?1:0; p++;
#endif
s->s2->tmp.cert_type= *(p++);
n2s(p,i);
}
else
{
-#ifdef undef
+#if 0
/* very bad */
memset(s->session->session_id,0,
SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
s->session->session_id_length=0;
- */
#endif
/* we need to do this in case we were trying to reuse a
if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
{
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
p += 1;
- if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+ if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
i=ssl_verify_cert_chain(s,sk);
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
goto err;
ERR_clear_error(); /* but we keep s->verify_result */
s->session->verify_result = s->verify_result;
+ if (i > 1)
+ {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE, i);
+ goto err;
+ }
+
/* server's cert for this session */
sc=ssl_sess_cert_new();
if (sc == NULL)
projects / openssl.git / blobdiff