From f92263021c86b5a6565605082171c49ec5b83e9b Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 6 Jun 2013 11:24:37 +0200
Subject: [PATCH] Fixed offset for cert_type list in
 ssl_parse_certificate_request()

---
 ChangeLog         | 1 +
 library/ssl_cli.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 805ffceaa..28a7bbee3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@ PolarSSL ChangeLog
 Bugfix
    * Secure renegotiation extension should only be sent in case client
      supports secure renegotiation
+   * Fixed offset for cert_type list in ssl_parse_certificate_request()
 
 = Version 1.2.7 released 2013-04-13
 Features
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7019ed07b..e4a102b90 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -951,7 +951,7 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
     }
 
-    p = buf + 4;
+    p = buf + 5;
     while( cert_type_len > 0 )
     {
         if( *p == SSL_CERT_TYPE_RSA_SIGN )