Make tls1_check_chain return a set of flags indicating checks passed
[openssl.git] / ssl / s3_clnt.c
index e9c1518..5adbb50 100644 (file)
@@ -1963,6 +1963,12 @@ int ssl3_get_certificate_request(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                        }
+               /* Clear certificate digests and validity flags */
+               for (i = 0; i < SSL_PKEY_NUM; i++)
+                       {
+                       s->cert->pkeys[i].digest = NULL;
+                       s->cert->pkeys[i].valid_flags = 0;
+                       }
                if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
                        {
                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);