Don't set client_version to the ServerHello version.
[openssl.git] / ssl / s3_clnt.c
index ee0493f576dd45cc1e3cab10e4bb587387e5d9cb..1aff83318436271ff4b836e0707e200a1c231544 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -947,7 +944,7 @@ int ssl3_get_server_hello(SSL *s)
                        al = SSL_AD_PROTOCOL_VERSION;
                        goto f_err;
                        }
-               s->version = s->client_version = s->method->version;
+               s->version = s->method->version;
                }
 
        if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
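Review bot: The new assignment `s->version = s->method->version;` carries no comment explaining why `client_version` is now deliberately left untouched, which is the security-relevant part of this change. `client_version` records the version offered in the ClientHello, and TLS RSA key exchange places that offered version in the premaster secret so the server can detect a version rollback. Overwriting it with the negotiated version would weaken that check, assuming the key-exchange code outside this hunk reads `s->client_version`. I would add `/* Leave client_version alone: it must remain the version sent in ClientHello (RSA premaster rollback check). */` above the assignment. The enclosing block and the rest of ssl3_get_server_hello lie outside the hunk.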
@@ -2148,6 +2145,11 @@ int ssl3_get_certificate_request(SSL *s)
                {
                /* If we exceed static buffer copy all to cert structure */
                s->cert->ctypes = OPENSSL_malloc(ctype_num);
+               if (s->cert->ctypes == NULL)
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
                memcpy(s->cert->ctypes, p, ctype_num);
                s->cert->ctype_num = (size_t)ctype_num;
                ctype_num=SSL3_CT_NUMBER;
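Review bot: The `memcpy(s->cert->ctypes, p, ctype_num)` after the new NULL check copies a peer-supplied number of bytes from the message buffer, and nothing visible in the hunk bounds `ctype_num` by the bytes left in the CertificateRequest. If no such check exists above the hunk, a truncated message would make the copy read past the received data, so this is worth confirming while the allocation path is being hardened. A guard before the allocation would look like `if (ctype_num > remaining) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); goto err; }`, where `remaining` is a placeholder for however this function tracks the unread message length. The body of ssl3_get_certificate_request starts and ends outside the hunk.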