Support retries in certificate callback

(cherry picked from commit 0ebc965b9ca4352e407bb7cfa65ac235942117f6) Conflicts: ssl/s3_srvr.c ssl/ssl3.h
author: Dr. Stephen Henson <steve@openssl.org> 2014-01-25 13:31:07 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-01-27 14:41:38 +0000
commit: ede90b1121b448395c8742166e19b2b475f14975 (patch)
tree: 08ed482f139d595d11ff9a91305357b3e8f18c71 /ssl/s3_clnt.c
parent: 5e7329d15663f81602fb0dfd61c64bfedecb79f1 (diff)
1 files changed, 13 insertions, 4 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6aeab442e1..9e3c847de9 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3301,11 +3301,20 @@ int ssl3_send_client_certificate(SSL *s)
 	if (s->state ==	SSL3_ST_CW_CERT_A)
 		{
 		/* Let cert callback update client certificates if required */
-		if (s->cert->cert_cb
-			&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
+		if (s->cert->cert_cb)
 			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
-			return 0;
+			i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+			if (i < 0)
+				{
+				s->rwstate=SSL_X509_LOOKUP;
+				return -1;
+				}
+			if (i == 0)
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+				return 0;
+				}
+			s->rwstate=SSL_NOTHING;
 			}
 		if (ssl3_check_client_certificate(s))
 			s->state=SSL3_ST_CW_CERT_C;
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-25 13:31:07 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-01-27 14:41:38 +0000
commit	ede90b1121b448395c8742166e19b2b475f14975 (patch)
tree	08ed482f139d595d11ff9a91305357b3e8f18c71 /ssl/s3_clnt.c
parent	5e7329d15663f81602fb0dfd61c64bfedecb79f1 (diff)