Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and

1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
Dr. Stephen Henson
2010-02-27 23:04:10 +00:00
parent fc11f47229
commit fbe2c6b33e
2 changed files with 12 additions and 11 deletions


@@ -981,7 +981,9 @@ int ssl3_get_server_certificate(SSL *s)
if (!ok) return((int)n);
if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
{
s->s3->tmp.reuse_message=1;
return(1);
@@ -2868,13 +2870,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
DH *dh;
#endif
sc=s->session->sess_cert;
if (sc == NULL)
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
goto err;
}
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
@@ -2882,6 +2877,13 @@ int ssl3_check_cert_and_algorithm(SSL *s)
if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
return(1);
sc=s->session->sess_cert;
if (sc == NULL)
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_RSA
rsa=s->session->sess_cert->peer_rsa_tmp;
#endif
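Review bot: The new Kerberos test in ssl3_get_server_certificate reads `s->s3->tmp.new_cipher->algorithms`, while ssl3_check_cert_and_algorithm in the same file reads the split fields `new_cipher->algorithm_mkey` and `new_cipher->algorithm_auth` and tests `SSL_aKRB5` against `alg_a`. That suggests the 0.9.8 field name was carried over unchanged; if this branch's cipher struct no longer has `algorithms`, the line will not compile, so the condition should probably read `((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&`. Because this branch lets the handshake proceed without a server Certificate message, it also deserves a short comment stating that only Kerberos-authenticated suites may skip to ServerHelloDone, e.g. `/* KRB5 suites send no Certificate; accept ServerHelloDone here */`. Both function bodies start and end outside the hunks shown.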