Digest cached records if not sending a certificate.

If server requests a certificate, but the client doesn't send one, cache digested records. This is an optimisation and ensures the correct finished mac is used when extended master secret is used with client authentication. Reviewed-by: N Tim Hudson <tjh@openssl.org>

Digest cached records if not sending a certificate.
If server requests a certificate, but the client doesn't send one, cache digested records. This is an optimisation and ensures the correct finished mac is used when extended master secret is used with client authentication. Reviewed-by: N Tim Hudson <tjh@openssl.org>
dab18ab5 · Dr. Stephen Henson · 45ebd731 · dab18ab5
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

ssl/s3_clnt.c ssl/s3_clnt.c +5 -0

未找到文件。
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3348,6 +3348,11 @@ int ssl3_send_client_certificate(SSL *s)
                return (1);
            } else {
                s->s3->tmp.cert_req = 2;
+                if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
+                    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                    s->state = SSL_ST_ERR;
+                    return 0;
+                }
            }
        }