projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 50befdb)
Fix typo.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 6 Jan 2015 14:28:34 +0000 (14:28 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 8 Jan 2015 14:31:19 +0000 (14:31 +0000)
Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.

NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_srvr.c patch | blob | history

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 18832e910b9cc67a853ee0177e670ced99617918..496ae80a250fd0929f6c55946eeda714cf46c735 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2400,7 +2400,7 @@ int ssl3_get_cert_verify(SSL *s)
        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
                {
                s->s3->tmp.reuse_message=1;
-               if ((peer != NULL) && (type | EVP_PKT_SIGN))
+               if (peer != NULL)
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
Unnamed repository; edit this file 'description' to name the repository.