summaryrefslogtreecommitdiffstats
path: root/ssl/statem/statem_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/statem/statem_clnt.c')
-rw-r--r--ssl/statem/statem_clnt.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index f1ed43abd3..e5b036390a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1988,7 +1988,8 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s,
return WORK_ERROR;
}
- if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {
+ if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx,
+ SSL_CONNECTION_GET_CTX(s))) == NULL) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return WORK_ERROR;
}
@@ -2434,11 +2435,15 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
PACKET *pkt)
{
- size_t i;
-
/* Clear certificate validity flags */
- for (i = 0; i < SSL_PKEY_NUM; i++)
- s->s3.tmp.valid_flags[i] = 0;
+ if (s->s3.tmp.valid_flags != NULL)
+ memset(s->s3.tmp.valid_flags, 0, s->ssl_pkey_num * sizeof(uint32_t));
+ else
+ s->s3.tmp.valid_flags = OPENSSL_zalloc(s->ssl_pkey_num * sizeof(uint32_t));
+
+ /* Give up for good if allocation didn't work */
+ if (s->s3.tmp.valid_flags == NULL)
+ return 0;
if (SSL_CONNECTION_IS_TLS13(s)) {
PACKET reqctx, extensions;
@@ -3768,7 +3773,8 @@ int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s)
return 1;
/* This is the passed certificate */
- clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);
+ clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx,
+ SSL_CONNECTION_GET_CTX(s));
/* Check certificate is recognised and suitable for cipher */
if (clu == NULL || (alg_a & clu->amask) == 0) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 17:20:44 +0000