Fix kerberos ciphersuite bugs introduced with PR:1336.

author: Dr. Stephen Henson <steve@openssl.org> 2007-03-09 14:06:34 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-03-09 14:06:34 +0000
commit: 295de18c8a578c5fe5eaef1f1370c67d4e10d29c (patch)
tree: 012ea1f9a28423d3d253a9fda4e9bf53c5e524ca /ssl/s3_clnt.c
parent: 3370b694b90d555d3425fa330052921be9a69db6 (diff)
1 files changed, 9 insertions, 7 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 278be82294..d98c7f998f 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -821,7 +821,9 @@ int ssl3_get_server_certificate(SSL *s)
 
 	if (!ok) return((int)n);
 
-	if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+		((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && 
+		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
 		{
 		s->s3->tmp.reuse_message=1;
 		return(1);
@@ -2292,18 +2294,18 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 
 	sc=s->session->sess_cert;
 
-	if (sc == NULL)
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
 	algs=s->s3->tmp.new_cipher->algorithms;
 
 	/* we don't have a certificate */
 	if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
 		return(1);
 
+	if (sc == NULL)
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+
 #ifndef OPENSSL_NO_RSA
 	rsa=s->session->sess_cert->peer_rsa_tmp;
 #endif
author	Dr. Stephen Henson <steve@openssl.org>	2007-03-09 14:06:34 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-03-09 14:06:34 +0000
commit	295de18c8a578c5fe5eaef1f1370c67d4e10d29c (patch)
tree	012ea1f9a28423d3d253a9fda4e9bf53c5e524ca /ssl/s3_clnt.c
parent	3370b694b90d555d3425fa330052921be9a69db6 (diff)