Make tls1_check_chain return a set of flags indicating checks passed

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bf695955d182deeba871cc7de780ae30cfedf911..dd2e60f3ddd65a89d5a75cb962400d79628cb8a1 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1964,6 +1964,12 @@ int ssl3_get_certificate_request(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                        }
                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                        }

+               /* Clear certificate digests and validity flags */
+               for (i = 0; i < SSL_PKEY_NUM; i++)
+                       {
+                       s->cert->pkeys[i].digest = NULL;
+                       s->cert->pkeys[i].valid_flags = 0;
+                       }

                if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
                        {
                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
                if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
                        {
                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);