author | Dr. Stephen Henson <steve@openssl.org> | 2011-12-27 14:23:22 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-12-27 14:23:22 +0000 |
commit | b300fb773471ffd1d5dbf5415e6a65a090669b31 (patch) | |
tree | 4a6a68f46f91486434e99d029c0de671163e7a8c /ssl | |
parent | f89af47438bbbd0e645e92e83bb98c61de46a34d (diff) |
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unnecessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_srvr.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bae14c17e5..3609aba5f2 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -338,16 +338,27 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_CLNT_HELLO_C:
 s->shutdown=0;
-
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
+ if (s->rwstate != SSL_X509_LOOKUP)
+ {
+ ret=ssl3_get_client_hello(s);
+ if (ret <= 0) goto end;
+ }
 #ifndef OPENSSL_NO_SRP
 {
 int al;
- if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) != SSL_ERROR_NONE)
+ if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) < 0)
+ {
+ /* callback indicates firther work to be done */
+ s->rwstate=SSL_X509_LOOKUP;
+ goto end;
+ }
+ if (ret != SSL_ERROR_NONE)
 {
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ /* This is not really an error but the only means to
+ for a client to detect whether srp is supported. */
+ if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
+ SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 ret= -1;
 goto end; |
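Review bot: The `s->rwstate != SSL_X509_LOOKUP` test at the top of `case SSL3_ST_SR_CLNT_HELLO_C` is the only marker that the ClientHello has already been parsed, and nothing in this hunk clears it once `ssl_check_srp_ext_ClientHello` stops returning a negative value. Unless rwstate is reset elsewhere (not visible here; the case body and `ssl3_accept` continue outside the hunk), a stale `SSL_X509_LOOKUP` could make a later pass through this state skip `ssl3_get_client_hello` and run the SRP check on data that was never parsed; adding `s->rwstate=SSL_NOTHING;` immediately before the `ssl_check_srp_ext_ClientHello` call would make the retry marker single-use. Separately, skipping `SSLerr` when `al` is `TLS1_AD_UNKNOWN_PSK_IDENTITY` means a failed SRP identity lookup leaves nothing in the error queue, so the comment there should also say that a server wanting a record of repeated unknown-identity failures has to log them from its SRP callback.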