generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Store verify_result with sessions to avoid potential security hole.

Browse Source 
For the server side this was already done one year ago :-(
This commit is contained in:
Lutz Jänicke 2000-11-29 16:04:38 +00:00
parent 03a0848922
commit 0dd2254d76
3 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/s2_clnt.c
View File

@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
goto err; goto err;
} }
ERR_clear_error(); /* but we keep s->verify_result */ ERR_clear_error(); /* but we keep s->verify_result */
s->session->verify_result = s->verify_result;
/* server's cert for this session */ /* server's cert for this session */
sc=ssl_sess_cert_new(); sc=ssl_sess_cert_new();

1
ssl/s3_clnt.c
View File

@ -815,6 +815,7 @@ static int ssl3_get_server_certificate(SSL *s)
X509_free(s->session->peer); X509_free(s->session->peer);
CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
s->session->peer=x; s->session->peer=x;
s->session->verify_result = s->verify_result;
x=NULL; x=NULL;
ret=1; ret=1;

1
ssl/ssl_sess.c
View File

@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
if (s->session != NULL) if (s->session != NULL)
SSL_SESSION_free(s->session); SSL_SESSION_free(s->session);
s->session=session; s->session=session;
s->verify_result = s->session->verify_result;
/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
ret=1; ret=1;
} }