author | Dr. Stephen Henson <steve@openssl.org> | 2015-06-16 14:44:29 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-06-23 22:24:09 +0100 |
commit | 124037fdc0571b5bd9022412348e9979a1726a31 (patch) | |
tree | 05ed987e95a605a9cbe076d047c1c4309d263ca5 /ssl/d1_srvr.c | |
parent | 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (diff) |
Tidy up ssl3_digest_cached_records logic.

Rewrite ssl3_digest_cached_records handling. Only digest cached records
if digest array is NULL: this means it is safe to call
ssl3_digest_cached_records multiple times (subsequent calls are no op).

Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer
if digest array is NULL.

Add additional "keep" parameter to ssl3_digest_cached_records to indicate
if the handshake buffer should be retained after digesting cached records
(needed for TLS 1.2 client authentication).

Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/d1_srvr.c')
-rw-r--r-- | ssl/d1_srvr.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index dfdc573d64..7a40d66a14 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -640,12 +640,9 @@ int dtls1_accept(SSL *s) * For sigalgs freeze the handshake buffer. If we support * extms we've done this already. */ - if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) { - s->state = SSL_ST_ERR; - return -1; - } + if (!ssl3_digest_cached_records(s, 1)) { + s->state = SSL_ST_ERR; + return -1; } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; |
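Review bot: in dtls1_accept the now-unconditional `ssl3_digest_cached_records(s, 1)` can only retain the handshake buffer if it is the first call that digests, because the commit message says later calls are no-ops. The retained comment says that with extms "we've done this already", so please confirm that the earlier extms call also passes a non-zero keep whenever a client CertificateVerify with sigalgs may follow; that call site is outside this file-limited view. If it passes 0, the buffer is already released by the time this line runs and the `1` here has no effect. Separately, the comment above the call still reads as the rationale for the removed `SSL_SESS_FLAG_EXTMS` test; rewording it to say that a repeat call is harmless, and that the `1` means "keep the handshake buffer for TLS 1.2 client authentication", would save the next reader a trip to the function definition.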