#include <openssl/objects.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_KRB5
#include "kssl_lcl.h"
-#endif
+#include <openssl/md5.h>
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B,
-1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
+ s->max_cert_list,
&ok);
if (!ok) return((int)n);
DH *dh=NULL;
#endif
+ /* use same message size as in ssl3_get_certificate_request()
+ * as ServerKeyExchange message may be skipped */
n=ssl3_get_message(s,
SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B,
-1,
- 1024*8, /* ?? */
+ s->max_cert_list,
&ok);
if (!ok) return((int)n);
param_len=0;
alg=s->s3->tmp.new_cipher->algorithms;
+ EVP_MD_CTX_init(&md_ctx);
#ifndef OPENSSL_NO_RSA
if (alg & SSL_kRSA)
}
}
EVP_PKEY_free(pkey);
+ EVP_MD_CTX_cleanup(&md_ctx);
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
if (dh != NULL)
DH_free(dh);
#endif
+ EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B,
-1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
+ s->max_cert_list,
&ok);
if (!ok) return((int)n);
krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
&kssl_err);
enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
#ifdef KSSL_DEBUG
{
printf("kssl_cget_tkt rtn %d\n", krb5rc);