Diffstat (limited to 'src/ssl/d1_clnt.c')
-rw-r--r-- | src/ssl/d1_clnt.c | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/src/ssl/d1_clnt.c b/src/ssl/d1_clnt.c index 92fb8f6..73a3f8a 100644 --- a/src/ssl/d1_clnt.c +++ b/src/ssl/d1_clnt.c @@ -112,6 +112,8 @@ * [including the GNU Public Licence.] */ +#include <openssl/ssl.h> + #include <assert.h> #include <stdio.h> #include <string.h> @@ -128,6 +130,7 @@ #include "internal.h" + static int dtls1_get_hello_verify(SSL *s); int dtls1_connect(SSL *s) { @@ -188,9 +191,8 @@ int dtls1_connect(SSL *s) { case SSL3_ST_CW_CLNT_HELLO_B: s->shutdown = 0; - /* every DTLS ClientHello resets Finished MAC */ - if (!ssl3_init_finished_mac(s)) { - OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR); + if (!ssl3_init_handshake_buffer(s)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); ret = -1; goto end; } @@ -261,7 +263,7 @@ int dtls1_connect(SSL *s) { if (s->s3->tmp.certificate_status_expected) { s->state = SSL3_ST_CR_CERT_STATUS_A; } else { - s->state = SSL3_ST_CR_KEY_EXCH_A; + s->state = SSL3_ST_VERIFY_SERVER_CERT; } } else { skip = 1; @@ -270,6 +272,16 @@ int dtls1_connect(SSL *s) { s->init_num = 0; break; + case SSL3_ST_VERIFY_SERVER_CERT: + ret = ssl3_verify_server_cert(s); + if (ret <= 0) { + goto end; + } + + s->state = SSL3_ST_CR_KEY_EXCH_A; + s->init_num = 0; + break; + case SSL3_ST_CR_KEY_EXCH_A: case SSL3_ST_CR_KEY_EXCH_B: ret = ssl3_get_server_key_exchange(s); @@ -278,13 +290,6 @@ int dtls1_connect(SSL *s) { } s->state = SSL3_ST_CR_CERT_REQ_A; s->init_num = 0; - - /* at this point we check that we have the - * required stuff from the server */ - if (!ssl3_check_cert_and_algorithm(s)) { - ret = -1; - goto end; - } break; case SSL3_ST_CR_CERT_REQ_A: @@ -426,7 +431,7 @@ int dtls1_connect(SSL *s) { if (ret <= 0) { goto end; } - s->state = SSL3_ST_CR_KEY_EXCH_A; + s->state = SSL3_ST_VERIFY_SERVER_CERT; s->init_num = 0; break; @@ -483,7 +488,7 @@ int dtls1_connect(SSL *s) { goto end; default: - OPENSSL_PUT_ERROR(SSL, dtls1_connect, SSL_R_UNKNOWN_STATE); + OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE); ret = -1; goto end; } 
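Review bot: The `SSL3_ST_CW_CLNT_HELLO_B` case loses its only why-comment when `ssl3_init_finished_mac` is replaced by `ssl3_init_handshake_buffer`, so nothing now says that the reset on every ClientHello is deliberate. I would keep an updated comment above the call, e.g. `/* every DTLS ClientHello restarts the handshake transcript */`, assuming the new helper resets the buffer the way the old one reset the Finished MAC (its body is not in this diff). The reset matters because a ClientHello sent before a HelloVerifyRequest must not end up in the hash that Finished covers. dtls1_connect starts and ends outside the hunk.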
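Review bot: With `ssl3_check_cert_and_algorithm(s)` dropped from the `SSL3_ST_CR_KEY_EXCH_A/B` case (hunk at -278), the new `SSL3_ST_VERIFY_SERVER_CERT` case is the only visible gate between the server certificate and the key exchange. The diff does not show whether `ssl3_verify_server_cert` or the certificate-reading code still checks that the certificate fits the negotiated cipher suite. Please confirm that check still runs on this path and record it on the new case, e.g. `/* no message is read here; the peer chain must be verified before ServerKeyExchange is processed */`. Also, `if (ret <= 0) goto end;` leaves `s->state` unchanged, so a retry re-enters verification, which is safe only if `ssl3_verify_server_cert` tolerates being called again; that is not visible here. The `skip = 1` branch in the hunk at -261 never sets this state, which looks intended for cipher suites without a server certificate but deserves a one-line comment saying so.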
@@ -538,7 +543,7 @@ static int dtls1_get_hello_verify(SSL *s) { !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) || CBS_len(&hello_verify_request) != 0) { al = SSL_AD_DECODE_ERROR; - OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, SSL_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); goto f_err; } |