1 files changed, 9 insertions, 0 deletions

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e49fc959c417e..fcc97f374f56b 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -523,6 +523,7 @@ int ssl3_accept(SSL *s)
 		case SSL3_ST_SR_CERT_VRFY_A:
 		case SSL3_ST_SR_CERT_VRFY_B:
 
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
@@ -533,6 +534,7 @@ int ssl3_accept(SSL *s)
 
 		case SSL3_ST_SR_FINISHED_A:
 		case SSL3_ST_SR_FINISHED_B:
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 				SSL3_ST_SR_FINISHED_B);
 			if (ret <= 0) goto end;
@@ -1131,6 +1133,7 @@ int ssl3_get_client_hello(SSL *s)
 	 * s->tmp.new_cipher	- the new cipher to use.
 	 */
 
+#ifndef OPENSSL_NO_TLSEXT
 	/* Handles TLS extensions that we couldn't check earlier */
 	if (s->version >= SSL3_VERSION)
 		{
@@ -1140,6 +1143,7 @@ int ssl3_get_client_hello(SSL *s)
 			goto err;
 			}
 		}
+#endif
 
 	if (ret < 0) ret=1;
 	if (0)
@@ -1760,6 +1764,11 @@ int ssl3_send_certificate_request(SSL *s)
 		s->init_num=n+4;
 		s->init_off=0;
 #ifdef NETSCAPE_HANG_BUG
+		if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+			{
+			SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+			goto err;
+			}
 		p=(unsigned char *)s->init_buf->data + s->init_num;
 
 		/* do the header */