Fix SSL handshake functions and SSL_clear() such that SSL_clear()
authorBodo Möller <bodo@openssl.org>
Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
committerBodo Möller <bodo@openssl.org>
Wed, 24 Oct 2001 19:03:22 +0000 (19:03 +0000)
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.

CHANGES
ssl/s23_clnt.c
ssl/s23_srvr.c
ssl/s2_clnt.c
ssl/s2_srvr.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl_lib.c

diff --git a/CHANGES b/CHANGES
index fbb5d58..4ff8e00 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
   +) Test for certificates which contain unsupported critical extensions.
      If such a certificate is found during a verify operation it is 
      rejected by default: this behaviour can be overridden by either
index 1eafb4b..dd2562a 100644 (file)
@@ -113,8 +113,8 @@ int ssl23_connect(SSL *s)
        else if (s->ctx->info_callback != NULL)
                cb=s->ctx->info_callback;
        
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
        for (;;)
                {
index 8c41e1f..fe8bd33 100644 (file)
@@ -165,8 +165,8 @@ int ssl23_accept(SSL *s)
        else if (s->ctx->info_callback != NULL)
                cb=s->ctx->info_callback;
        
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
        for (;;)
                {
index 85b97b6..8cb7388 100644 (file)
@@ -118,8 +118,8 @@ int ssl2_connect(SSL *s)
                cb=s->ctx->info_callback;
 
        /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        for (;;)
                {
index f4f1110..f849e2b 100644 (file)
@@ -119,8 +119,8 @@ int ssl2_accept(SSL *s)
                cb=s->ctx->info_callback;
 
        /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        if (s->cert == NULL)
                {
index 734659d..52dda37 100644 (file)
@@ -119,8 +119,8 @@ int ssl3_connect(SSL *s)
        else if (s->ctx->info_callback != NULL)
                cb=s->ctx->info_callback;
        
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
        for (;;)
                {
index 9cea6e3..8c5b6e8 100644 (file)
@@ -180,8 +180,8 @@ int ssl3_accept(SSL *s)
                cb=s->ctx->info_callback;
 
        /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        if (s->cert == NULL)
                {
index 7257daa..72821a1 100644 (file)
@@ -193,7 +193,7 @@ int SSL_clear(SSL *s)
 #if 1
        /* Check to see if we were changed into a different method, if
         * so, revert back if we are not doing session-id reuse. */
-       if ((s->session == NULL) && (s->method != s->ctx->method))
+       if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
                {
                s->method->ssl_free(s);
                s->method=s->ctx->method;