author | Dr. Stephen Henson <steve@openssl.org> | 2003-09-03 23:47:34 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2003-09-03 23:47:34 +0000 |
commit | 14f3d7c5ccd38875d5f3ee2007baec5a7240adc0 (patch) | |
tree | b3c5d1ce8e250369178588ef5c8b10ba87bcdd7d /ssl/s3_srvr.c | |
parent | 510dc1ecd00296a17a9b680288290942d82beddf (diff) | |
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 32ddc48090..ca39d6b1c8 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -456,10 +456,11 @@ int ssl3_accept(SSL *s)
 if (ret == 2)
 s->state = SSL3_ST_SR_CLNT_HELLO_C;
 else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
 s->init_num=0;
 s->state=SSL3_ST_SR_KEY_EXCH_A;
 }
|
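Review bot: The new `if (s->s3->tmp.cert_request)` guard in ssl3_accept removes the old comment without replacing it, so nothing on the new side says why the certificate read is conditional; I would add a comment above it such as `/* Only parse a client Certificate if we sent a CertificateRequest; an unsolicited one must not reach the certificate parser */`. When the flag is clear the state moves straight to `SSL3_ST_SR_KEY_EXCH_A`, so rejecting an unsolicited Certificate message presumably rests on the key-exchange reader treating it as an unexpected message; that handler is outside this hunk and is worth confirming with a regression test. It is also worth checking that `tmp.cert_request` is reset at the start of every handshake, including renegotiation, so a stale value from an earlier handshake cannot re-open this path. The body of ssl3_accept begins and ends outside the hunk.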