summaryrefslogtreecommitdiffstats
path: root/src/ssl/d1_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/d1_clnt.c')
-rw-r--r--src/ssl/d1_clnt.c33
1 files changed, 14 insertions, 19 deletions
diff --git a/src/ssl/d1_clnt.c b/src/ssl/d1_clnt.c
index 73a3f8a..92fb8f6 100644
--- a/src/ssl/d1_clnt.c
+++ b/src/ssl/d1_clnt.c
@@ -112,8 +112,6 @@
* [including the GNU Public Licence.]
*/
-#include <openssl/ssl.h>
-
#include <assert.h>
#include <stdio.h>
#include <string.h>
@@ -130,7 +128,6 @@
#include "internal.h"
-
static int dtls1_get_hello_verify(SSL *s);
int dtls1_connect(SSL *s) {
@@ -191,8 +188,9 @@ int dtls1_connect(SSL *s) {
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown = 0;
- if (!ssl3_init_handshake_buffer(s)) {
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+ /* every DTLS ClientHello resets Finished MAC */
+ if (!ssl3_init_finished_mac(s)) {
+ OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
}
@@ -263,7 +261,7 @@ int dtls1_connect(SSL *s) {
if (s->s3->tmp.certificate_status_expected) {
s->state = SSL3_ST_CR_CERT_STATUS_A;
} else {
- s->state = SSL3_ST_VERIFY_SERVER_CERT;
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
}
} else {
skip = 1;
@@ -272,16 +270,6 @@ int dtls1_connect(SSL *s) {
s->init_num = 0;
break;
- case SSL3_ST_VERIFY_SERVER_CERT:
- ret = ssl3_verify_server_cert(s);
- if (ret <= 0) {
- goto end;
- }
-
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
case SSL3_ST_CR_KEY_EXCH_A:
case SSL3_ST_CR_KEY_EXCH_B:
ret = ssl3_get_server_key_exchange(s);
@@ -290,6 +278,13 @@ int dtls1_connect(SSL *s) {
}
s->state = SSL3_ST_CR_CERT_REQ_A;
s->init_num = 0;
+
+ /* at this point we check that we have the
+ * required stuff from the server */
+ if (!ssl3_check_cert_and_algorithm(s)) {
+ ret = -1;
+ goto end;
+ }
break;
case SSL3_ST_CR_CERT_REQ_A:
@@ -431,7 +426,7 @@ int dtls1_connect(SSL *s) {
if (ret <= 0) {
goto end;
}
- s->state = SSL3_ST_VERIFY_SERVER_CERT;
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
s->init_num = 0;
break;
@@ -488,7 +483,7 @@ int dtls1_connect(SSL *s) {
goto end;
default:
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE);
+ OPENSSL_PUT_ERROR(SSL, dtls1_connect, SSL_R_UNKNOWN_STATE);
ret = -1;
goto end;
}
@@ -543,7 +538,7 @@ static int dtls1_get_hello_verify(SSL *s) {
!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
CBS_len(&hello_verify_request) != 0) {
al = SSL_AD_DECODE_ERROR;
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+ OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, SSL_R_DECODE_ERROR);
goto f_err;
}