diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-15 18:21:59 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-07-15 18:23:13 +0100 |
commit | c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 (patch) | |
tree | fd2ab29849ce76b6eb04f3c07e1dca62933e758c /ssl/d1_srvr.c | |
parent | 199772e53427ca921c289471c1344d454781fcc0 (diff) |
Fix DTLS certificate requesting code.
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.
PR#3452
Diffstat (limited to 'ssl/d1_srvr.c')
-rw-r--r-- | ssl/d1_srvr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 7816bbb503..1d2201de45 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -616,10 +616,11 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SR_CLNT_HELLO_C; } else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } |