static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
+static int ssl3_check_client_hello(SSL *s);
static int ssl3_send_server_hello(SSL *s);
static int ssl3_send_server_key_exchange(SSL *s);
static int ssl3_send_certificate_request(SSL *s);
s->new_session=1;
/* s->state=SSL_ST_ACCEPT; */
+ case SSL3_ST_SR_MS_SGC:
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
if (s->state != SSL_ST_RENEGOTIATE)
{
+ if(s->state != SSL3_ST_SR_MS_SGC) ssl3_init_finished_mac(s);
s->state=SSL3_ST_SR_CLNT_HELLO_A;
- ssl3_init_finished_mac(s);
s->ctx->stats.sess_accept++;
}
else
case SSL3_ST_SW_CERT_REQ_A:
case SSL3_ST_SW_CERT_REQ_B:
- if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+ if (/* don't request cert unless asked for it: */
+ !(s->verify_mode & SSL_VERIFY_PEER) ||
+ /* if SSL_VERIFY_CLIENT_ONCE is set,
+ * don't request cert during re-negotiation: */
((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+ (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+ /* never request cert in anonymous ciphersuites
+ * (see section "Certificate request" in SSL 3 drafts
+ * and in RFC 2246): */
+ ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+ /* ... except when the application insists on verification
+ * (against the specs, but s3_clnt.c accepts this for SSL 3) */
+ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
{
/* no cert request */
skip=1;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
+ /* Check for second client hello if MS SGC */
+ ret = ssl3_check_client_hello(s);
+ if(ret <= 0) goto end;
+ if(ret == 2) s->state = SSL3_ST_SR_MS_SGC;
+ else {
+ /* could be sent for a DH cert, even if we
+ * have not asked for it :-) */
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ s->init_num=0;
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
+ }
break;
case SSL3_ST_SR_KEY_EXCH_A:
* a client cert, it can be verified */
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst1),
- &(s->s3->tmp.finish_md[0]));
+ &(s->s3->tmp.cert_verify_md[0]));
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst2),
- &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
break;
case SSL3_ST_SW_FINISHED_B:
ret=ssl3_send_finished(s,
SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished,
- s->method->ssl3_enc->server_finished_len);
+ s->method->ssl3_enc->server_finished_label,
+ s->method->ssl3_enc->server_finished_label_len);
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
if (s->hit)
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
+static int ssl3_check_client_hello(SSL *s)
+ {
+ int ok;
+ long n;
+
+ n=ssl3_get_message(s,
+ SSL3_ST_SR_CERT_A,
+ SSL3_ST_SR_CERT_B,
+ -1,
+ SSL3_RT_MAX_PLAIN_LENGTH,
+ &ok);
+ if (!ok) return((int)n);
+ s->s3->tmp.reuse_message = 1;
+ if(s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) return 2;
+ return 1;
+}
+
static int ssl3_get_client_hello(SSL *s)
{
int i,j,ok,al,ret= -1;
#ifndef NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
- i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+ i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
pkey->pkey.rsa);
if (i < 0)
if (pkey->type == EVP_PKEY_DSA)
{
j=DSA_verify(pkey->save_type,
- &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
if (j <= 0)
{
al=SSL_AD_HANDSHAKE_FAILURE;
goto f_err;
}
- /* If tls asked for a client cert we must return a 0 list */
+ /* If tls asked for a client cert, the client must return a 0 list */
if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
if (s->session->peer != NULL) /* This should not be needed */
X509_free(s->session->peer);
s->session->peer=sk_X509_shift(sk);
+ s->session->verify_result = s->verify_result;
/* With the current implementation, sess_cert will always be NULL
* when we arrive here. */