Lines 972-978
Link Here
|
972 |
} |
972 |
} |
973 |
i=ssl_verify_cert_chain(s,sk); |
973 |
i=ssl_verify_cert_chain(s,sk); |
974 |
if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) |
974 |
if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) |
975 |
#ifndef OPENSSL_NO_KRB5 |
975 |
#ifndef OPENSSL_NO_KRB5 |
976 |
&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) |
976 |
&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) |
977 |
!= (SSL_aKRB5|SSL_kKRB5) |
977 |
!= (SSL_aKRB5|SSL_kKRB5) |
Lines 1459-1465
Link Here
|
1459 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
1459 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
1460 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
1460 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
1461 |
EVP_VerifyUpdate(&md_ctx,param,param_len); |
1461 |
EVP_VerifyUpdate(&md_ctx,param,param_len); |
1462 |
if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) |
1462 |
if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) |
1463 |
{ |
1463 |
{ |
1464 |
/* bad signature */ |
1464 |
/* bad signature */ |
1465 |
al=SSL_AD_DECRYPT_ERROR; |
1465 |
al=SSL_AD_DECRYPT_ERROR; |
Lines 1477-1483
Link Here
|
1477 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
1477 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
1478 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
1478 |
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
1479 |
EVP_VerifyUpdate(&md_ctx,param,param_len); |
1479 |
EVP_VerifyUpdate(&md_ctx,param,param_len); |
1480 |
if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) |
1480 |
if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) |
1481 |
{ |
1481 |
{ |
1482 |
/* bad signature */ |
1482 |
/* bad signature */ |
1483 |
al=SSL_AD_DECRYPT_ERROR; |
1483 |
al=SSL_AD_DECRYPT_ERROR; |