Add comments explaining what NETSCAPE_HANG_BUG does.

(Or should we just drop this? It only matters for servers trying to use client
auth.)

Change-Id: I50b6999375dc8f9246bf617f17929ae304503c57
Reviewed-on: https://boringssl-review.googlesource.com/2602
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-12-14 19:05:38 -05:00 committed by Adam Langley
parent 07046a0946
commit bf42f82ad9

View File

@ -465,6 +465,8 @@ int ssl3_accept(SSL *s)
#ifndef NETSCAPE_HANG_BUG #ifndef NETSCAPE_HANG_BUG
s->state=SSL3_ST_SW_SRVR_DONE_A; s->state=SSL3_ST_SW_SRVR_DONE_A;
#else #else
/* ServerHelloDone was already sent in the
* previous record. */
s->state=SSL3_ST_SW_FLUSH; s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
#endif #endif
@ -1883,6 +1885,8 @@ int ssl3_send_certificate_request(SSL *s)
#ifdef NETSCAPE_HANG_BUG #ifdef NETSCAPE_HANG_BUG
if (!SSL_IS_DTLS(s)) if (!SSL_IS_DTLS(s))
{ {
/* Prepare a ServerHelloDone in the same record. This is
* to workaround a hang in Netscape. */
if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
{ {
OPENSSL_PUT_ERROR(SSL, ssl3_send_certificate_request, ERR_R_BUF_LIB); OPENSSL_PUT_ERROR(SSL, ssl3_send_certificate_request, ERR_R_BUF_LIB);