Stop server from expecting Certificate message when not requested

In a non client-auth renegotiation where the original handshake *was* client auth, then the server will expect the client to send a Certificate message anyway resulting in a connection failure. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1982)

Stop server from expecting Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was* client auth, then the server will expect the client to send a Certificate message anyway resulting in a connection failure. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1982)
23573051 · Matt Caswell · 10305baf · 23573051
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

ssl/statem/statem.c ssl/statem/statem.c +2 -1

未找到文件。
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -347,6 +347,8 @@ static int state_machine(SSL *s, int server)
                 */
                s->ctx->stats.sess_accept_renegotiate++;
            }
+
+            s->s3->tmp.cert_request = 0;
        } else {
            s->ctx->stats.sess_connect++;

@@ -354,7 +356,6 @@ static int state_machine(SSL *s, int server)
            memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
            s->hit = 0;

-            s->s3->tmp.cert_request = 0;
            s->s3->tmp.cert_req = 0;

            if (SSL_IS_DTLS(s)) {