authorDr. Stephen Henson <steve@openssl.org>2011-05-20 14:58:45 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-05-20 14:58:45 +0000
commitb81fde02aa9c09b41ca83c59f885140d85cb9002 (patch)
treedc2855cc8fe1fb85ca20f65d4867109721033c0b /ssl/s3_enc.c
parent57dd2ea808ea4564a5b1aa2dc4f7ce5b6811904b (diff)
Add server client certificate support for TLS v1.2. This is more complex
than client side as we need to keep the handshake record cache frozen when it contains all the records needed to process the certificate verify message. (backport from HEAD).
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r--ssl/s3_enc.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 9f5574a01e..dc3101ff14 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -569,12 +569,12 @@ void ssl3_free_digest_list(SSL *s)
OPENSSL_free(s->s3->handshake_dgst);
s->s3->handshake_dgst=NULL;
}
-
+
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
- if (s->s3->handshake_buffer)
+ if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
{
BIO_write (s->s3->handshake_buffer,(void *)buf,len);
}
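Review bot: The new test in ssl3_finish_mac stops appending to a non-NULL handshake_buffer once TLS1_FLAGS_KEEP_HANDSHAKE is set, but no comment says that the buffer is deliberately frozen or what happens to `buf` instead. The branch taken in that case lies outside this hunk; if it feeds the s->s3->handshake_dgst contexts, the flag must only ever be set after those digests exist, otherwise handshake bytes would be left out of the transcript without any error. I would add a comment above the condition such as `/* KEEP_HANDSHAKE: cached records are frozen for CertificateVerify; do not append */` and state that ordering requirement where the flag is set. The retained `BIO_write` call also still ignores its return value, so a failed write is silent.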
@@ -629,9 +629,12 @@ int ssl3_digest_cached_records(SSL *s)
s->s3->handshake_dgst[i]=NULL;
}
}
- /* Free handshake_buffer BIO */
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
+ if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
+ {
+ /* Free handshake_buffer BIO */
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
+ }
return 1;
}
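Review bot: When TLS1_FLAGS_KEEP_HANDSHAKE is set, ssl3_digest_cached_records now returns 1 with s->s3->handshake_buffer still allocated, and this diff (limited to ssl/s3_enc.c) does not show who later clears the flag and frees the BIO. The buffer holds the cached handshake records, so its release point should be documented next to the new guard, e.g. `/* Buffer kept for the client CertificateVerify; whoever set KEEP_HANDSHAKE must clear it and free the BIO */`. It is also worth confirming that a second call to this function while the buffer is retained is either impossible or harmless, since the start of the function is outside the hunk.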