diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2000-11-29 16:04:38 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2000-11-29 16:04:38 +0000 |
commit | 0dd2254d7667979ea998af1f480a7841ea864ad5 (patch) | |
tree | b07297012e16ee82c54a74d01029abff3c0f390a | |
parent | 03a0848922d3a4b1a6f216df1c2470a6b946cd87 (diff) | |
download | openssl-0dd2254d7667979ea998af1f480a7841ea864ad5.tar.gz |
Store verify_result with sessions to avoid potential security hole.
For the server side this was already done one year ago :-(
-rw-r--r-- | ssl/s2_clnt.c | 1 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 1 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 47dd09c286..28d6d65296 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data) goto err; } ERR_clear_error(); /* but we keep s->verify_result */ + s->session->verify_result = s->verify_result; /* server's cert for this session */ sc=ssl_sess_cert_new(); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 62040f9f1d..eec45cfa48 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -815,6 +815,7 @@ static int ssl3_get_server_certificate(SSL *s) X509_free(s->session->peer); CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); s->session->peer=x; + s->session->verify_result = s->verify_result; x=NULL; ret=1; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 416def8908..7064262def 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) if (s->session != NULL) SSL_SESSION_free(s->session); s->session=session; + s->verify_result = s->session->verify_result; /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ ret=1; } |