From c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 15 Jul 2014 18:21:59 +0100 Subject: [PATCH] Fix DTLS certificate requesting code. Use same logic when determining when to expect a client certificate for both TLS and DTLS. PR#3452 --- ssl/d1_srvr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 7816bbb503..1d2201de45 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -616,10 +616,11 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SR_CLNT_HELLO_C; } else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } -- 2.25.1