Commit d4d78943 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix some out of date comments 



Fix various references to s3_clnt.c and s3_srvr.c which don't exist
any more.

GitHub Issue #765

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 2647e261

ssl/ssl_sess.c

+3 −3
Original line number Diff line number Diff line
@@ -434,13 +434,13 @@ int ssl_get_new_session(SSL *s, int session) 
         * Note that:

         * (a) ssl_get_prev_session() does lookahead into the

         *     ClientHello extensions to find the session ticket.

         *     When ssl_get_prev_session() fails, s3_srvr.c calls

         *     ssl_get_new_session() in ssl3_get_client_hello().

         *     When ssl_get_prev_session() fails, statem_srvr.c calls

         *     ssl_get_new_session() in tls_process_client_hello().

         *     At that point, it has not yet parsed the extensions,

         *     however, because of the lookahead, it already knows

         *     whether a ticket is expected or not.

         *

         * (b) s3_clnt.c calls ssl_get_new_session() before parsing

         * (b) statem_clnt.c calls ssl_get_new_session() before parsing

         *     ServerHello extensions, and before recording the session

         *     ID received from the server, so this block is a noop.

         */

ssl/statem/statem_clnt.c

+1 −1
Original line number Diff line number Diff line
@@ -1352,7 +1352,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) 
    s->session->peer_chain = sk;

    /*

     * Inconsistency alert: cert_chain does include the peer's certificate,

     * which we don't include in s3_srvr.c

     * which we don't include in statem_srvr.c

     */

    x = sk_X509_value(sk, 0);

    sk = NULL;

ssl/statem/statem_srvr.c

+2 −2
Original line number Diff line number Diff line
@@ -368,7 +368,7 @@ static int send_certificate_request(SSL *s) 
           && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)

           /*

            * ... except when the application insists on

            * verification (against the specs, but s3_clnt.c accepts

            * verification (against the specs, but statem_clnt.c accepts

            * this for SSL 3)

            */

               || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
@@ -2931,7 +2931,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) 
    s->session->peer_chain = sk;

    /*

     * Inconsistency alert: cert_chain does *not* include the peer's own

     * certificate, while we do include it in s3_clnt.c

     * certificate, while we do include it in statem_clnt.c

     */

    sk = NULL;

    ret = MSG_PROCESS_CONTINUE_READING;