author | Richard Levitte <levitte@openssl.org> | 2003-09-08 16:57:29 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2003-09-08 16:57:29 +0000 |
commit | db0edbb74560dbede0e595052add3c4d45c6cc6d (patch) | |
tree | a7f85a4908198d84a329136b1bc8c7a4304be9c0 | |
parent | 3ef63bcc6bf922e09c5fda7c997d35a97f9feb68 (diff) | |
download | openssl-new-db0edbb74560dbede0e595052add3c4d45c6cc6d.tar.gz |
Recent changes from 0.9.6-stable
-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 9 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 4 |
3 files changed, 12 insertions, 6 deletions
@@ -4,6 +4,11 @@ Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bd9f7dc209..5eaab1daae 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -420,10 +420,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index a8668e42e6..681a7d77cd 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -81,11 +81,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; if(sess) sess->references++; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); return(sess); } |
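Review bot: The new `if (s->s3->tmp.cert_request)` guard in the `else` branch of the ssl/s3_srvr.c hunk replaces a comment that explained the old behaviour but carries none of its own, so the reason for skipping `ssl3_get_client_certificate()` is recorded only in CHANGES. I would add above the guard `/* Only read a client Certificate if we sent a CertificateRequest; an unsolicited one must not be parsed (SSL 3.0 / TLS 1.0). */`. The guard is only as reliable as the flag: the code that sets and clears `tmp.cert_request` is outside this hunk, so it is worth confirming that it is reset on every handshake, including renegotiation. It is also worth confirming that an unsolicited Certificate message then fails the handshake in the key-exchange state rather than being silently skipped. ssl3_accept() begins and ends outside the hunk.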
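Review bot: The comment above the lock in SSL_get1_session() (ssl/ssl_sess.c hunk) still explains only why a lock is held at all, not why it has to be the write lock, so a later cleanup could turn it back into `CRYPTO_r_lock`. I would extend the comment with `* A write lock is required because references++ modifies the session; under a read lock two callers could race on the count. */`. The protection also depends on every path that frees or replaces `ssl->session` taking `CRYPTO_LOCK_SSL_SESSION` as a writer; those paths are not visible here, so that is worth checking. The opening lines of the function are outside the hunk.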