Don't request client certificate in anonymous ciphersuites

except when following the specs is bound to fail.

Don't request client certificate in anonymous ciphersuites
except when following the specs is bound to fail.
47134b78 · Bodo Möller · 45fd4dbb · 47134b78 · 47134b78
隐藏空白更改
内联并排

Showing with 21 addition and 3 deletion

CHANGES CHANGES +8 -0

ssl/s3_srvr.c ssl/s3_srvr.c +13 -3

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

+  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+     ciphersuites has been selected (as required by the SSL 3/TLS 1
+     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+     is set, we interpret this as a request to violate the specification
+     (the worst that can happen is a handshake failure, and 'correct'
+     behaviour would result in a handshake failure anyway).
+     [Bodo Moeller]
+
  *) In SSL_CTX_add_session, take into account that there might be multiple
     SSL_SESSION structures with the same session ID (e.g. when two threads
     concurrently obtain them from an external cache).

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -287,9 +287,19 @@ int ssl3_accept(SSL *s)

 		case SSL3_ST_SW_CERT_REQ_A:
 		case SSL3_ST_SW_CERT_REQ_B:
-			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+			if (/* don't request cert unless asked for it: */
+				!(s->verify_mode & SSL_VERIFY_PEER) ||
+				/* if SSL_VERIFY_CLIENT_ONCE is set,
+				 * don't request cert during re-negotiation: */
 				((s->session->peer != NULL) &&
-				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+				/* never request cert in anonymous ciphersuites
+				 * (see section "Certificate request" in SSL 3 drafts
+				 * and in RFC 2246): */
+				((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+				 /* ... except when the application insists on verification
+				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
+				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
 				{
 				/* no cert request */
 				skip=1;
@@ -1531,7 +1541,7 @@ static int ssl3_get_client_certificate(SSL *s)
 			al=SSL_AD_HANDSHAKE_FAILURE;
 			goto f_err;
 			}
-		/* If tls asked for a client cert we must return a 0 list */
+		/* If tls asked for a client cert, the client must return a 0 list */
 		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);