SSL3_ST_SR_CERT_A,
SSL3_ST_SR_CERT_B,
-1,
- SSL3_RT_MAX_PLAIN_LENGTH,
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+ 1024*30, /* 30k max cert list :-) */
+#else
+ 1024*100, /* 100k max cert list :-) */
+#endif
&ok);
if (!ok) return((int)n);
s->s3->tmp.reuse_message = 1;
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
goto f_err;
}
- CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+ RSA_up(rsa);
cert->rsa_tmp=rsa;
}
if (rsa == NULL)
enc_pms.data = p;
p+=enc_pms.length;
- if (n != enc_ticket.length + authenticator.length +
+ if ((unsigned long)n != enc_ticket.length + authenticator.length +
enc_pms.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
#endif /* KSSL_DEBUG */
enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
+
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, pms, outl);
+ if (kssl_ctx->client_princ)
+ {
+ int len = strlen(kssl_ctx->client_princ);
+ if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
+ {
+ s->session->krb5_client_princ_len = len;
+ memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+ }
+ }
+
+
/* Was doing kssl_ctx_free() here,
** but it caused problems for apache.
** kssl_ctx = kssl_ctx_free(kssl_ctx);