From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 15 Jul 2014 17:21:59 +0000 (+0100)
Subject: Fix DTLS certificate requesting code.
X-Git-Tag: OpenSSL_1_0_1i~32
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=67bde7d465d87cf14a31cfab6b14e8d0f7b3b739;p=oweals%2Fopenssl.git

Fix DTLS certificate requesting code.

Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65)
---

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index ef9c347edd..4b8ba3e452 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -598,10 +598,11 @@ int dtls1_accept(SSL *s)
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
 				}
 			else {
-				/* could be sent for a DH cert, even if we
-				 * have not asked for it :-) */
-				ret=ssl3_get_client_certificate(s);
-				if (ret <= 0) goto end;
+				if (s->s3->tmp.cert_request)
+					{
+					ret=ssl3_get_client_certificate(s);
+					if (ret <= 0) goto end;
+					}
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}