diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 14:28:34 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-08 14:31:19 +0000 |
commit | a4aa18879917d9bd45f52ac110c69303a852b7db (patch) | |
tree | baca00c4c52dbe045f9268b59c217a16e7384744 /ssl | |
parent | 50befdb659585b9840264c77708d2dc638624137 (diff) |
Fix typo.
Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.
NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_srvr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 18832e910b..496ae80a25 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2400,7 +2400,7 @@ int ssl3_get_cert_verify(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { s->s3->tmp.reuse_message=1; - if ((peer != NULL) && (type | EVP_PKT_SIGN)) + if (peer != NULL) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); |