author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-20 14:58:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-20 14:58:45 +0000 |
commit | b81fde02aa9c09b41ca83c59f885140d85cb9002 (patch) | |
tree | dc2855cc8fe1fb85ca20f65d4867109721033c0b /ssl/s3_enc.c | |
parent | 57dd2ea808ea4564a5b1aa2dc4f7ce5b6811904b (diff) |
Add server client certificate support for TLS v1.2. This is more complex
than client side as we need to keep the handshake record cache frozen when
it contains all the records needed to process the certificate verify message.
(backport from HEAD).
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r-- | ssl/s3_enc.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 9f5574a01e..dc3101ff14 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -569,12 +569,12 @@ void ssl3_free_digest_list(SSL *s)
 OPENSSL_free(s->s3->handshake_dgst);
 s->s3->handshake_dgst=NULL;
 }
-
+
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
 {
- if (s->s3->handshake_buffer)
+ if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
 {
 BIO_write (s->s3->handshake_buffer,(void *)buf,len);
 }
@@ -629,9 +629,12 @@ int ssl3_digest_cached_records(SSL *s)
 s->s3->handshake_dgst[i]=NULL;
 }
 }
- /* Free handshake_buffer BIO */
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
+ if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
+ {
+ /* Free handshake_buffer BIO */
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
+ }
 return 1;
 } |
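Review bot: In ssl3_finish_mac, the new condition sends every record to the else branch once TLS1_FLAGS_KEEP_HANDSHAKE is set, even though handshake_buffer is still non-NULL. That branch lies outside the hunk; if it walks s->s3->handshake_dgst, as the neighbouring ssl3_free_digest_list suggests, it depends on the digest list already having been created, and the visible code does not state that ordering. I would add a comment above the test, e.g. `/* KEEP_HANDSHAKE: buffer is frozen for CertificateVerify, hash only; set the flag only after ssl3_digest_cached_records() */`, and consider an explicit NULL check on handshake_dgst in the else branch.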
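Review bot: In ssl3_digest_cached_records, the new guard leaves handshake_buffer allocated whenever TLS1_FLAGS_KEEP_HANDSHAKE is set, but nothing in this file's diff shows where the BIO is later freed or the flag cleared. If an error path or a renegotiation skips that cleanup, the full handshake transcript stays in memory and, given the ssl3_finish_mac change, later handshake records would no longer be appended to the buffer. I would document the ownership at the guard, e.g. `/* Buffer kept for client CertificateVerify; caller must free it and clear TLS1_FLAGS_KEEP_HANDSHAKE */`, and confirm the cleanup runs on every exit path. The function body starts outside the hunk.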