*) Fix flaw if 'Server Key exchange message' is omitted from a TLS Handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox] Index: ssl/s3_clnt.c =================================================================== RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.88.2.12 diff -u -r1.88.2.12 ssl/s3_clnt.c --- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 +++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000 @@ -2061,6 +2061,13 @@ { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else