Commit a4aa1887 authored Jan 06, 2015 by Dr. Stephen Henson Committed by Matt Caswell Jan 08, 2015

Fix typo.



Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.

NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>

parent 50befdb6

ssl/s3_srvr.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2400,7 +2400,7 @@ int ssl3_get_cert_verify(SSL *s)
		if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
		{
		s->s3->tmp.reuse_message=1;
		if ((peer != NULL) && (type \| EVP_PKT_SIGN))
		if (peer != NULL)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);