ssl_write_certificate_request() can handle empty ca_chain

2025-01-23 20:20:59 +00:00 · 2013-06-21 15:11:10 +02:00 · 2013-06-21 15:11:10 +02:00 · 21360ca4d4
parent 016ea076e7
commit 21360ca4d4
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@ -30,6 +30,7 @@ Bugfix
   * x509parse_crtpath() is now reentrant and uses more portable stat()
   * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
   * Fixed values for 2-key Triple DES in cipher layer
+   * ssl_write_certificate_request() can handle empty ca_chain

 Security
   * A possible DoS during the SSL Handshake, due to faulty parsing of
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -972,7 +972,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
    crt = ssl->ca_chain;

    total_dn_size = 0;
-    while( crt != NULL )
+    while( crt != NULL && crt->version != 0)
    {
        if( p - buf > 4096 )
            break;