On Fri Dec 26 12:19:01 2014, sameerpjo...@gmail.com wrote:
> Hi,
>
> I see a problem in OpenSSL code and want to confirm if this has been
> already reported as a bug or not.
>
> If the server sends CertificateRequest during TLS handshake in case of
> TLS1.2, the Client processes this request in method
> ssl3_get_certificate_request(SSL* s).
>
> While processing the request it calls tls1_process_sigalgs() method to
> process the signature algorithms.
>
> In this method tls1_process_sigalgs(), it's being checked if the s->cert
> pointer is NULL. This actually means the check whether the client has its
> own certificate or not. In case the pointer is NULL, indicating the client
> does not have certificate, the function returns zero or failure. TLS
> handshake fails here with "decode error" owing to
> SSL_R_SIGNATURE_ALGORITHMS_ERROR.
>

Can you actually produce the above error using s_client/s_server?

The s->cert field is not NULL if there is no client certificate: it is a
structure which contains certificate related information which is set up in
SSL_new(). It should never be NULL hence the "Should never happen" comment.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

_______________________________________________
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
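
The s_client/s_server check asked for above, as an added example that is not part of the original thread: the script runs `s_server` with a certificate request against an `s_client` that has no certificate, at TLS 1.2, and classifies the client's output. The port number, the temporary file names and the function names `run_repro` and `check_repro` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an `openssl` binary with
# TLS 1.2 support on PATH; PORT is an arbitrary free loopback port.
PORT=${PORT:-44330}

# Run s_server (requesting a client certificate) against an s_client that
# has none, and print the client's output.
run_repro() {
    dir=$(mktemp -d) || return 2
    # Constructed throwaway server key and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 2
    # -verify 1 sends CertificateRequest but keeps the client certificate
    # optional (-Verify would make it mandatory).
    openssl s_server -accept "$PORT" -tls1_2 -verify 1 \
        -cert "$dir/cert.pem" -key "$dir/key.pem" >"$dir/server.log" 2>&1 &
    srv=$!
    sleep 1
    # No -cert/-key: the client has no certificate of its own.
    openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 </dev/null \
        >"$dir/client.log" 2>&1
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    cat "$dir/client.log"
    rm -rf "$dir"
}

# Classify s_client output passed as $1:
#   0 = CertificateRequest was processed and the handshake completed
#   1 = the "decode error" alert from the report appeared
#   2 = inconclusive (no request seen, or no cipher negotiated)
check_repro() {
    if printf '%s\n' "$1" | grep -qi 'decode error'; then return 1; fi
    # s_client prints this line only after receiving a CertificateRequest.
    printf '%s\n' "$1" | grep -q 'Client Certificate Types' || return 2
    # A failed handshake reports "Cipher is (NONE)".
    printf '%s\n' "$1" | grep -q 'Cipher is [A-Z0-9]' || return 2
    return 0
}

# Live run only when invoked as: sh repro.sh run
if [ "${1:-}" = run ]; then
    rc=0; check_repro "$(run_repro)" || rc=$?
    echo "check_repro status: $rc"
fi
```

A status of 0 from the live run means the client processed the CertificateRequest without a certificate and the handshake completed; a status of 1 means the reported alert was reproduced.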
