Fix SSL handshake functions and SSL_clear() such that SSL_clear()

author Bodo Möller <bodo@openssl.org>

Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)

committer Bodo Möller <bodo@openssl.org>

Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)
author Bodo Möller <bodo@openssl.org>
Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)
committer Bodo Möller <bodo@openssl.org>
Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)
diff --git a/CHANGES b/CHANGES

index e7755c1303829bcdd22d2f4b09496c760352fa0c..812f139f545c07886aa7e524447c70185a5cdfd3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
  
   Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
  
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
    *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
       (sent using the client's version number) if client_version is
       smaller than the protocol version in use.  Also change
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c

index 5050a13ef20602de57b5228f27ca09504eb619ec..2d0eb4a8fff32290e328e532f3a0dccc5363d67c 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -113,8 +113,8 @@ int ssl23_connect(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c

index 789c9b648f77e1d498b3ffdf8db751aa85b6377c..a403af36718a3ed071d274bab05bdc7fdc1b3320 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -165,8 +165,8 @@ int ssl23_accept(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c

index 28d6d652961684101c317392e42a75a8d29413f0..7c22f9e56abbb304f5da06381b66deb08f9c773f 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -118,8 +118,8 @@ int ssl2_connect(SSL *s)
                 cb=s->ctx->info_callback;
  
         /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  
         for (;;)
                 {
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c

index 2fa2f310a8eded974e762d1d00222a10b96df485..2eecfda1f92e6d8e2e9c1c341125921456526cb8 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -119,8 +119,8 @@ int ssl2_accept(SSL *s)
                 cb=s->ctx->info_callback;
  
         /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  
         if (s->cert == NULL)
                 {
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index f56f12788aa588cf6cdd39e7051a5865696d2a46..e02f625155cb51d7902c4390a05676a7924199a3 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -119,8 +119,8 @@ int ssl3_connect(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 53da285bd3bdba552f2dd329831bff1012e47d73..21bd968579933af0931d2e743ee1a190c3c47ec6 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -179,8 +179,8 @@ int ssl3_accept(SSL *s)
                 cb=s->ctx->info_callback;
  
         /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  
         if (s->cert == NULL)
                 {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 362b68984c508d39f0071fc76bb11b824e26f731..afcc18b6bb3815ce2768d4a80540f5a361029f1b 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -142,7 +142,7 @@ int SSL_clear(SSL *s)
  #if 1
         /* Check to see if we were changed into a different method, if
          * so, revert back if we are not doing session-id reuse. */
-       if ((s->session == NULL) && (s->method != s->ctx->method))
+       if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
                 {
                 s->method->ssl_free(s);
                 s->method=s->ctx->method;
author	Bodo Möller <bodo@openssl.org>
	Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)
CHANGES		patch \| blob \| history
ssl/s23_clnt.c		patch \| blob \| history
ssl/s23_srvr.c		patch \| blob \| history
ssl/s2_clnt.c		patch \| blob \| history
ssl/s2_srvr.c		patch \| blob \| history
ssl/s3_clnt.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history