wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix typo.

Browse source 
Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.

NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-01-06 14:28:34 +00:00 committed by Matt Caswell
parent 50befdb659
commit a4aa188799
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ssl/s3_srvr.c
View file

@ -2400,7 +2400,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
if ((peer != NULL) && (type | EVP_PKT_SIGN))
if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);