There is a code error in the s3_srvr.c function ssl3_get_cert_verify().
There is a condition if ((peer != NULL) && (type | EVP_PKT_SIGN))
- the second part of the condition is a no-op. The correct condition
should be if ((peer != NULL) && (type & EVP_PKT_SIGN)) although the
non-signing certificates with static DH parameters are not really used.
The bug was found by Coverity scan.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
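The difference between the two conditions in the report, as an added example that is not part of the original message or of OpenSSL's code: the function names and the `DEMO_PKT_*` flag values are constructed for illustration. It shows that the `|` form accepts every non-NULL peer regardless of key type, while the `&` form accepts only types with the signing bit set.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed flag values for this example; not copied from OpenSSL headers. */
#define DEMO_PKT_SIGN 0x0010  /* key type can sign */
#define DEMO_PKT_EXCH 0x0040  /* key type can do key exchange */

/* Condition as reported: OR with a non-zero constant can never be zero,
 * so the second operand does not filter anything. */
static int can_verify_buggy(const void *peer, int type)
{
    return (peer != NULL) && (type | DEMO_PKT_SIGN);
}

/* Condition as proposed in the report: AND tests whether the bit is set. */
static int can_verify_fixed(const void *peer, int type)
{
    return (peer != NULL) && (type & DEMO_PKT_SIGN);
}

/* Count the type masks in [0, limit) on which the two checks disagree. */
static int count_disagreements(const void *peer, int limit)
{
    int n = 0;
    for (int type = 0; type < limit; type++)
        if (can_verify_buggy(peer, type) != can_verify_fixed(peer, type))
            n++;
    return n;
}

int main(void)
{
    int peer_cert = 1; /* stand-in for a non-NULL peer certificate */

    printf("exchange-only key: buggy=%d fixed=%d\n",
           can_verify_buggy(&peer_cert, DEMO_PKT_EXCH),
           can_verify_fixed(&peer_cert, DEMO_PKT_EXCH));
    printf("signing key:       buggy=%d fixed=%d\n",
           can_verify_buggy(&peer_cert, DEMO_PKT_SIGN),
           can_verify_fixed(&peer_cert, DEMO_PKT_SIGN));
    printf("masks 0x00-0xff where the checks disagree: %d\n",
           count_disagreements(&peer_cert, 0x100));
    return 0;
}
```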