Stop server from expecting Certificate message when not requested

In a non client-auth renegotiation where the original handshake *was*
client auth, then the server will expect the client to send a Certificate
message anyway resulting in a connection failure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
Matt Caswell 2016-11-22 16:54:28 +00:00
parent 10305baf26
commit 23573051a5

@ -347,6 +347,8 @@ static int state_machine(SSL *s, int server)
*/
s->ctx->stats.sess_accept_renegotiate++;
}
s->s3->tmp.cert_request = 0;
} else {
s->ctx->stats.sess_connect++;
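Review bot: The `s->s3->tmp.cert_request = 0;` reset placed just before `} else {` has no comment saying why the server branch needs it. Per the commit message, the flag can be left set by an earlier handshake that used client auth, which makes the server wait for a Certificate message it never requested in the renegotiation. A one-line comment to that effect would keep a later cleanup from moving the reset back out, and a regression test that renegotiates without client auth after an initial client-auth handshake would pin the behaviour down.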
@ -354,7 +356,6 @@ static int state_machine(SSL *s, int server)
memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
s->hit = 0;
s->s3->tmp.cert_request = 0;
s->s3->tmp.cert_req = 0;
if (SSL_IS_DTLS(s)) {
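Review bot: The `-354,7 +356,6` header says one line is dropped in this hunk, and with the diff markers lost on this page the likely candidate is `s->s3->tmp.cert_request = 0;`, which duplicates the line in the first hunk. If that is the line removed, please confirm nothing on the client path (the branch that bumps `sess_connect`) reads `tmp.cert_request`, since it is no longer cleared there. `cert_request` and `cert_req` are also easy to mix up when they sit side by side, so a short comment on which side of the connection owns each flag would help.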