Fix DTLS certificate requesting code.

Use same logic when determining when to expect a client certificate for both TLS and DTLS. PR#3452 (cherry picked from commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65)
author: Dr. Stephen Henson <steve@openssl.org> 2014-07-15 18:21:59 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-07-15 18:24:14 +0100
commit: c3d317b4deb9e07df09ee872bcbf655939742238 (patch)
tree: a7b882227f89bc6b9060017a0588b71607fe9ca4 /ssl
parent: a214feb26bb94ed1fd20d2526ce33d806a8378f0 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index c0246c94ea..0e6bf46c02 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -480,10 +480,11 @@ int dtls1_accept(SSL *s)
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
 				}
 			else {
-				/* could be sent for a DH cert, even if we
-				 * have not asked for it :-) */
-				ret=ssl3_get_client_certificate(s);
-				if (ret <= 0) goto end;
+				if (s->s3->tmp.cert_request)
+					{
+					ret=ssl3_get_client_certificate(s);
+					if (ret <= 0) goto end;
+					}
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
author	Dr. Stephen Henson <steve@openssl.org>	2014-07-15 18:21:59 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-07-15 18:24:14 +0100
commit	c3d317b4deb9e07df09ee872bcbf655939742238 (patch)
tree	a7b882227f89bc6b9060017a0588b71607fe9ca4 /ssl
parent	a214feb26bb94ed1fd20d2526ce33d806a8378f0 (diff)