From 482b4f189f63db79b36b9f68e65704a1c18e4131 Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Thu, 24 Jul 2014 18:14:26 -0700
Subject: [PATCH] Fix DTLS certificate requesting code.

Use same logic when determining when to expect a client certificate for both TLS and DTLS.

PR#3452

(Imported from upstream's 666a597ffb9bcf3ba2d49e711fcca28df91eff9d)

Change-Id: Ia267255a32c0b3b9a7da1c53f13ef6f620ff5ec1
---
 ssl/d1_srvr.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 3d30fcc1..4e4d92a4 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -479,10 +479,11 @@ int dtls1_accept(SSL *s)
 s->state = SSL3_ST_SR_CLNT_HELLO_C;
 }
 else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
 s->init_num=0;
 s->state=SSL3_ST_SR_KEY_EXCH_A;
 }
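Review bot: The new `if (s->s3->tmp.cert_request)` guard carries no comment, and the comment this patch removes was the only record of why a certificate used to be read unconditionally here. I would add `/* Read a client Certificate only if we sent a CertificateRequest, as the TLS server does. */` above the guard so the invariant stays visible to the next reader. The guard is only as reliable as the flag, which is presumably set or cleared in the certificate-request states outside this hunk, so it is worth confirming that it cannot carry a stale value across a renegotiation. dtls1_accept starts and ends outside the hunk, and the patch adds no test for a DTLS client that sends a Certificate message without being asked.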