Loading ssl/s2_srvr.c +7 −3 Original line number Diff line number Diff line Loading @@ -967,9 +967,13 @@ static int request_certificate(SSL *s) if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) { p=(unsigned char *)s->init_buf->data; i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */ if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3 * (probably NO-CERTIFICATE-ERROR) */ /* try to read 6 octets ... */ i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* * ... but don't call ssl2_part_read now if we got at least 3 * (probably NO-CERTIFICATE-ERROR) */ if (i < 3-s->init_num) { ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); goto end; Loading ssl/ssl.h +2 −1 Original line number Diff line number Diff line Loading @@ -1467,7 +1467,8 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif Loading ssl/ssl_ciph.c +8 −4 Original line number Diff line number Diff line Loading @@ -170,11 +170,14 @@ typedef struct cipher_order_st static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled. */ /* Don't include ECC in ALL because these ciphers are not yet official. */ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ /* must be first */ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ /* COMPLEMENT OF ALL */ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ /* VRS Kerberos5 */ {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, Loading @@ -183,7 +186,8 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ /* VRS Kerberos5 */ {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, Loading Loading
ssl/s2_srvr.c +7 −3 Original line number Diff line number Diff line Loading @@ -967,9 +967,13 @@ static int request_certificate(SSL *s) if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) { p=(unsigned char *)s->init_buf->data; i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */ if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3 * (probably NO-CERTIFICATE-ERROR) */ /* try to read 6 octets ... */ i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* * ... but don't call ssl2_part_read now if we got at least 3 * (probably NO-CERTIFICATE-ERROR) */ if (i < 3-s->init_num) { ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); goto end; Loading
ssl/ssl.h +2 −1 Original line number Diff line number Diff line Loading @@ -1467,7 +1467,8 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif Loading
ssl/ssl_ciph.c +8 −4 Original line number Diff line number Diff line Loading @@ -170,11 +170,14 @@ typedef struct cipher_order_st static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled. */ /* Don't include ECC in ALL because these ciphers are not yet official. */ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ /* must be first */ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ /* COMPLEMENT OF ALL */ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ /* VRS Kerberos5 */ {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, Loading @@ -183,7 +186,8 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ /* VRS Kerberos5 */ {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, Loading
Tim Hudson <tjh@openssl.org>Tim Hudson <tjh@openssl.org>