Store verify_result with sessions to avoid potential security hole.

For the server side this was already done one year ago :-(
2000-11-29 16:04:38 +00:00
parent 03a0848922
commit 0dd2254d76
3 changed files with 3 additions and 0 deletions
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 		goto err;
 		}
 	ERR_clear_error(); /* but we keep s->verify_result */
+	s->session->verify_result = s->verify_result;

 	/* server's cert for this session */
 	sc=ssl_sess_cert_new();