X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=68a8c812e037116ec2a3e80bd76d3c98d28193ff;hb=af9752e5faff5dd3c82fc2d02d1e7ad457ccb84a;hp=ccccd54102a4e9a0366e0c549f0df76d0ec1a2ab;hpb=77d514c5a00511017967f98b03a946d86c923e94;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ccccd54102..68a8c812e0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -231,10 +231,6 @@ int ssl3_accept(SSL *s)
             return -1;
     }
 
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
 #ifndef OPENSSL_NO_HEARTBEATS
     /*
      * If we're awaiting a HeartbeatResponse, pretend we already got and
@@ -2172,10 +2168,7 @@ int ssl3_get_client_key_exchange(SSL *s)
          * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
          */
 
-        /*
-         * should be RAND_bytes, but we cannot work around a failure.
-         */
-        if (RAND_pseudo_bytes(rand_premaster_secret,
+        if (RAND_bytes(rand_premaster_secret,
                               sizeof(rand_premaster_secret)) <= 0)
             goto err;
         decrypt_len =
@@ -2893,8 +2886,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_EC
     EVP_PKEY_free(clnt_pub_pkey);
     EC_POINT_free(clnt_ecpoint);
-    if (srvr_ecdh != NULL)
-        EC_KEY_free(srvr_ecdh);
+    EC_KEY_free(srvr_ecdh);
     BN_CTX_free(bn_ctx);
 #endif
     return (-1);
@@ -3435,11 +3427,11 @@ int ssl3_send_newsession_ticket(SSL *s)
         /* Now write out lengths: p points to end of data written */
         /* Total length */
         len = p - ssl_handshake_start(s);
-        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
-            goto err;
         /* Skip ticket lifetime hint */
         p = ssl_handshake_start(s) + 4;
         s2n(len - 6, p);
+        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+            goto err;
         s->state = SSL3_ST_SW_SESSION_TICKET_B;
         OPENSSL_free(senc);
     }