Commit ede90b11 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Support retries in certificate callback

(cherry picked from commit 0ebc965b)

Conflicts:

	ssl/s3_srvr.c
	ssl/ssl3.h
parent 5e7329d1
+13 −4
@@ -3301,12 +3301,21 @@ int ssl3_send_client_certificate(SSL *s)
	if (s->state ==	SSL3_ST_CW_CERT_A)
		{
		/* Let cert callback update client certificates if required */
		if (s->cert->cert_cb
			&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
		if (s->cert->cert_cb)
			{
			i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
			if (i < 0)
				{
				s->rwstate=SSL_X509_LOOKUP;
				return -1;
				}
			if (i == 0)
				{
				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
				return 0;
				}
			s->rwstate=SSL_NOTHING;
			}
		if (ssl3_check_client_certificate(s))
			s->state=SSL3_ST_CW_CERT_C;
		else
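Review bot: The `i == 0` branch (the callback reporting a hard failure) sends a fatal alert and returns 0 but puts nothing on the error queue, so an application only sees SSL_ERROR_SSL with an empty queue and cannot distinguish a refused client certificate from any other internal failure; the server-side counterpart in ssl3_get_client_hello records SSL_R_CERT_CB_ERROR before failing. Add `SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_CERT_CB_ERROR);` ahead of the ssl3_send_alert call so both paths are diagnosable the same way. The `i < 0` path leaves the state at SSL3_ST_CW_CERT_A, so the next handshake call appears to re-invoke the callback, which is the intended retry; a one-line comment such as `/* callback asked for a retry: state unchanged, caller re-enters here */` above `s->rwstate=SSL_X509_LOOKUP;` would save the next reader working that out. ssl3_send_client_certificate and the declaration of `i` lie outside the hunk.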
+22 −10
@@ -353,12 +353,11 @@ int ssl3_accept(SSL *s)
		case SSL3_ST_SR_CLNT_HELLO_C:

			s->shutdown=0;
			if (s->rwstate != SSL_X509_LOOKUP)
			{
			ret=ssl3_get_client_hello(s);
			if (ret <= 0) goto end;
			}
#ifndef OPENSSL_NO_SRP
			s->state = SSL3_ST_SR_CLNT_HELLO_D;
		case SSL3_ST_SR_CLNT_HELLO_D:
			{
			int al;
			if ((ret = ssl_check_srp_ext_ClientHello(s,&al))  < 0)
@@ -940,6 +939,9 @@ int ssl3_get_client_hello(SSL *s)
#endif
	STACK_OF(SSL_CIPHER) *ciphers=NULL;

	if (s->state == SSL3_ST_SR_CLNT_HELLO_C)
		goto retry_cert;

	/* We do this so that we will respond with our native type.
	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
	 * This down switching should be handled by a different method.
@@ -1384,13 +1386,23 @@ int ssl3_get_client_hello(SSL *s)
			}
		ciphers=NULL;
		/* Let cert callback update server certificates if required */
		if (s->cert->cert_cb
			&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
		retry_cert:		
		if (s->cert->cert_cb)
			{
			int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
			if (rv == 0)
				{
				al=SSL_AD_INTERNAL_ERROR;
				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
				goto f_err;
				}
			if (rv < 0)
				{
				s->rwstate=SSL_X509_LOOKUP;
				return -1;
				}
			s->rwstate = SSL_NOTHING;
			}
		c=ssl3_choose_cipher(s,s->session->ciphers,
				     SSL_get_ciphers(s));

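Review bot: The `goto retry_cert` guard added at the top of ssl3_get_client_hello tests only `s->state == SSL3_ST_SR_CLNT_HELLO_C`, yet that is the state the caller sits in for any re-entry into this function, not only a re-entry after the callback asked for a retry; if the function is re-entered because reading the ClientHello itself returned early (a non-blocking read still waiting for data), this would skip the whole message parse and run the certificate callback against a half-processed hello — please confirm against ssl3_get_message which state it leaves set while a message body is still being read. Tying the jump to the retry itself is safer, e.g. `if (s->state == SSL3_ST_SR_CLNT_HELLO_C && s->rwstate == SSL_X509_LOOKUP) goto retry_cert;`, since the `rv < 0` path below sets exactly that rwstate before returning -1, whereas a blocked read presumably leaves it at SSL_READING. Minor: the `retry_cert:` label line carries trailing whitespace. Both hunks sit inside functions (ssl3_accept and ssl3_get_client_hello) whose bodies begin and end outside the visible hunks.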
+1 −0
@@ -669,6 +669,7 @@ typedef struct ssl3_state_st
#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_D		(0x115|SSL_ST_ACCEPT)
/* write to client */
#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
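Review bot: The new SSL3_ST_SR_CLNT_HELLO_D takes 0x115 rather than the 0x113 a reader would expect after _C, because 0x113 and 0x114 are already used by DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A/B two lines below; a comment on the new line would make that explicit and reduce the chance of a later state being assigned a colliding value, e.g. `#define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) /* 0x113/0x114 are taken by DTLS1_ST_SW_HELLO_VERIFY_REQUEST_* */`. The surrounding state-constant table continues outside the hunk.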