Add comments explaining what NETSCAPE_HANG_BUG does.

(Or should we just drop this? It only matters for servers trying to use client auth.) Change-Id: I50b6999375dc8f9246bf617f17929ae304503c57 Reviewed-on: https://boringssl-review.googlesource.com/2602 Reviewed-by: Adam Langley <agl@google.com>
2014-12-14 19:05:38 -05:00 · 2014-12-14 19:05:38 -05:00 · bf42f82ad9
commit bf42f82ad9
parent 07046a0946
1 changed files with 4 additions and 0 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -465,6 +465,8 @@ int ssl3_accept(SSL *s)
 #ifndef NETSCAPE_HANG_BUG
 				s->state=SSL3_ST_SW_SRVR_DONE_A;
 #else
+				/* ServerHelloDone was already sent in the
+				 * previous record. */
 				s->state=SSL3_ST_SW_FLUSH;
 				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
 #endif
@ -1883,6 +1885,8 @@ int ssl3_send_certificate_request(SSL *s)
 #ifdef NETSCAPE_HANG_BUG
 		if (!SSL_IS_DTLS(s))
 			{
+			/* Prepare a ServerHelloDone in the same record. This is
+			 * to workaround a hang in Netscape. */
 			if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
 				{
 				OPENSSL_PUT_ERROR(SSL, ssl3_send_certificate_request, ERR_R_BUF_LIB);