We need to read one more byte of the REQUEST-CERTIFICATE message.

PR: 300
2002-11-15 09:16:56 +00:00 · 2002-11-15 09:16:56 +00:00 · 3aefe06f0f
commit 3aefe06f0f
parent fa015977de
2 changed files with 6 additions and 2 deletions
--- a/4
+++ b/4
@ -4,6 +4,10 @@

 Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]

+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
  *) Change the default configuration reader to deal with last line not
     being properly terminated.
     [Richard Levitte]
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@ -752,8 +752,8 @@ static int client_certificate(SSL *s)
 	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
 		{
 		i=ssl2_read(s,(char *)&(buf[s->init_num]),
-			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
-		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
 			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
 		s->init_num += i;