Deprecate quite a few recursive includes from the ssl.h API header and

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 32ddc480900b03458f1db2abb7bc999b1fc81872..898f49810c3f4b4cb67d571cf332b8cb5e930d3f 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -133,9 +133,12 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#endif
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -456,10 +459,11 @@ int ssl3_accept(SSL *s)
                        if (ret == 2)
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
                        else {
-                               /* could be sent for a DH cert, even if we
-                                * have not asked for it :-) */
-                               ret=ssl3_get_client_certificate(s);
-                               if (ret <= 0) goto end;
+                               if (s->s3->tmp.cert_request)
+                                       {
+                                       ret=ssl3_get_client_certificate(s);
+                                       if (ret <= 0) goto end;
+                                       }
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -1015,7 +1019,7 @@ static int ssl3_send_server_hello(SSL *s)
                        s->session->session_id_length=0;
 
                sl=s->session->session_id_length;
-               if (sl > sizeof s->session->session_id)
+               if (sl > (int)sizeof(s->session->session_id))
                        {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
                        return -1;
@@ -1573,6 +1577,7 @@ static int ssl3_send_certificate_request(SSL *s)
                s->init_num += 4;
 #endif
 
+               s->state = SSL3_ST_SW_CERT_REQ_B;
                }
 
        /* SSL3_ST_SW_CERT_REQ_B */
@@ -2291,7 +2296,8 @@ static int ssl3_get_client_certificate(SSL *s)
        int i,ok,al,ret= -1;
        X509 *x=NULL;
        unsigned long l,nc,llen,n;
-       unsigned char *p,*d,*q;
+       const unsigned char *p,*q;
+       unsigned char *d;
        STACK_OF(X509) *sk=NULL;
 
        n=ssl3_get_message(s,
@@ -2329,7 +2335,7 @@ static int ssl3_get_client_certificate(SSL *s)
                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
                goto f_err;
                }
-       d=p=(unsigned char *)s->init_msg;
+       p=d=(unsigned char *)s->init_msg;
 
        if ((sk=sk_X509_new_null()) == NULL)
                {