Store verify_result with sessions to avoid potential security hole.

For the server side this was already done one year ago :-(

4 files changed, 9 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index b2cfdf7e51..845bf5fd8c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
   *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
      of SSL_peek) because they both are completely broken.
      They will be fixed RSN by adding an additional 'peek' parameter
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 47dd09c286..28d6d65296 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 		goto err;
 		}
 	ERR_clear_error(); /* but we keep s->verify_result */
+	s->session->verify_result = s->verify_result;
 
 	/* server's cert for this session */
 	sc=ssl_sess_cert_new();
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 62040f9f1d..eec45cfa48 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -815,6 +815,7 @@ static int ssl3_get_server_certificate(SSL *s)
 		X509_free(s->session->peer);
 	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	s->session->peer=x;
+	s->session->verify_result = s->verify_result;
 
 	x=NULL;
 	ret=1;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 416def8908..7064262def 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
 		if (s->session != NULL)
 			SSL_SESSION_free(s->session);
 		s->session=session;
+		s->verify_result = s->session->verify_result;
 		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
 		ret=1;
 		}