ssl_write_certificate_request() can handle empty ca_chain

(cherry picked from commit 21360ca4d4) Conflicts: library/ssl_srv.c
2025-01-10 07:25:32 +00:00 · 2013-06-21 15:13:59 +02:00 · 2013-06-21 15:13:59 +02:00 · 3f5b753654
parent 8199a3375f
commit 3f5b753654
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@ -10,6 +10,7 @@ Bugfix
     instead of the x509parse_crt() wrapper that can also parse PEM
 	 certificates
   * Fixed values for 2-key Triple DES in cipher layer
+   * ssl_write_certificate_request() can handle empty ca_chain

 Security
   * A possible DoS during the SSL Handshake, due to faulty parsing of
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -505,7 +505,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
    p += 2;
    crt = ssl->ca_chain;

-    while( crt != NULL )
+    while( crt != NULL && crt->version != 0)
    {
        if( p - buf > 4096 )
            break;