OpenHarmony
Third Party Openssl
Commit 47134b78
Authored December 29, 1999 by Bodo Möller
Don't request client certificate in anonymous ciphersuites
except when following the specs is bound to fail.
Parent 45fd4dbb
Showing 2 changed files with 21 additions and 3 deletions
CHANGES +8 -0
ssl/s3_srvr.c +13 -3
CHANGES
...
...
@@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) SSL 3/TLS 1 servers now don't request certificates when an anonymous
ciphersuites has been selected (as required by the SSL 3/TLS 1
specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
is set, we interpret this as a request to violate the specification
(the worst that can happen is a handshake failure, and 'correct'
behaviour would result in a handshake failure anyway).
[Bodo Moeller]
*) In SSL_CTX_add_session, take into account that there might be multiple
SSL_SESSION structures with the same session ID (e.g. when two threads
concurrently obtain them from an external cache).
...
...
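Review bot: the exception sentence in the new entry should state that SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has this effect together with SSL_VERIFY_PEER, because the ssl3_accept condition in ssl/s3_srvr.c still skips the request whenever SSL_VERIFY_PEER is clear. The entry should also spell out the consequence for applications: with an anonymous ciphersuite and only SSL_VERIFY_PEER set, the client is no longer asked for a certificate, so the peer stays unauthenticated although verification was requested. Minor wording: "an anonymous ciphersuites" should read "an anonymous ciphersuite".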
ssl/s3_srvr.c
...
...
@@ -287,9 +287,19 @@ int ssl3_accept(SSL *s)
case
SSL3_ST_SW_CERT_REQ_A
:
case
SSL3_ST_SW_CERT_REQ_B
:
if
(
!
(
s
->
verify_mode
&
SSL_VERIFY_PEER
)
||
if
(
/* don't request cert unless asked for it: */
!
(
s
->
verify_mode
&
SSL_VERIFY_PEER
)
||
/* if SSL_VERIFY_CLIENT_ONCE is set,
* don't request cert during re-negotiation: */
((
s
->
session
->
peer
!=
NULL
)
&&
(
s
->
verify_mode
&
SSL_VERIFY_CLIENT_ONCE
)))
(
s
->
verify_mode
&
SSL_VERIFY_CLIENT_ONCE
))
||
/* never request cert in anonymous ciphersuites
* (see section "Certificate request" in SSL 3 drafts
* and in RFC 2246): */
((
s
->
s3
->
tmp
.
new_cipher
->
algorithms
&
SSL_aNULL
)
&&
/* ... except when the application insists on verification
* (against the specs, but s3_clnt.c accepts this for SSL 3) */
!
(
s
->
verify_mode
&
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
)))
{
/* no cert request */
skip
=
1
;
...
...
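Review bot: in the new SSL_aNULL clause of the SSL3_ST_SW_CERT_REQ_A/B condition, a server that set only SSL_VERIFY_PEER now skips the certificate request whenever an anonymous suite is negotiated, so the handshake completes with an unauthenticated client and the caller gets no signal. That follows the specification cited in the comment, but it deserves a note next to "/* no cert request */" saying that applications which need client authentication must either set SSL_VERIFY_FAIL_IF_NO_PEER_CERT or keep aNULL suites out of the cipher list. The exception comment also covers only SSL 3 ("s3_clnt.c accepts this for SSL 3"); it should say what is expected from a TLS 1 peer too, since the CHANGES entry only promises that "the worst that can happen is a handshake failure".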
@@ -1531,7 +1541,7 @@ static int ssl3_get_client_certificate(SSL *s)
al
=
SSL_AD_HANDSHAKE_FAILURE
;
goto
f_err
;
}
/* If tls asked for a client cert
we
must return a 0 list */
/* If tls asked for a client cert
, the client
must return a 0 list */
if
((
s
->
version
>
SSL3_VERSION
)
&&
s
->
s3
->
tmp
.
cert_request
)
{
SSLerr
(
SSL_F_SSL3_GET_CLIENT_CERTIFICATE
,
SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
);
...
...
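Review bot: the reworded comment above the "s->version > SSL3_VERSION" check still says "a 0 list", which is hard to parse. Something like "If TLS asked for a client cert, the client must return an empty certificate list" would match the error code SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST raised just below and make clear that sending no list at all is the failure being reported.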