From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 6 Jan 2015 14:28:34 +0000 (+0000)
Subject: Fix typo.
X-Git-Tag: OpenSSL_0_9_8zd~3
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a4aa18879917d9bd45f52ac110c69303a852b7db;p=oweals%2Fopenssl.git

Fix typo.

Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.

NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 18832e910b..496ae80a25 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2400,7 +2400,7 @@ int ssl3_get_cert_verify(SSL *s)
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
 		{
 		s->s3->tmp.reuse_message=1;
-		if ((peer != NULL) && (type | EVP_PKT_SIGN))
+		if (peer != NULL)
 			{
 			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);