vendor/openssl/1.0.1h

author: Jung-uk Kim <jkim@FreeBSD.org> 2014-06-06 20:59:29 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2014-06-06 20:59:29 +0000
commit: 2e22f5e2e00c1f1f599b03634ca27bb5b9ac471e (patch)
tree: a707d3fdb02faa3d4423773ae7b606febaa5e786 /ssl/s3_clnt.c
parent: 06369e3974fbc83d3778807c090fbe69f20a27d4 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a6b3c01afa18..0457af878917 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
 		case SSL3_ST_CR_FINISHED_A:
 		case SSL3_ST_CR_FINISHED_B:
 
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
 				SSL3_ST_CR_FINISHED_B);
 			if (ret <= 0) goto end;
@@ -915,6 +916,7 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 		goto f_err;
 		}
+	    s->s3->flags |= SSL3_FLAGS_CCS_OK;
 	    s->hit=1;
 	    }
 	else	/* a miss or crap from the other end */
@@ -2510,6 +2512,13 @@ int ssl3_send_client_key_exchange(SSL *s)
 			int ecdh_clnt_cert = 0;
 			int field_size = 0;
 
+			if (s->session->sess_cert == NULL) 
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+				goto err;
+				}
+
 			/* Did we send out the client's
 			 * ECDH share for use in premaster
 			 * computation as part of client certificate?
author	Jung-uk Kim <jkim@FreeBSD.org>	2014-06-06 20:59:29 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2014-06-06 20:59:29 +0000
commit	2e22f5e2e00c1f1f599b03634ca27bb5b9ac471e (patch)
tree	a707d3fdb02faa3d4423773ae7b606febaa5e786 /ssl/s3_clnt.c
parent	06369e3974fbc83d3778807c090fbe69f20a27d4 (diff)