Store verify_result with sessions to avoid potential security hole.

commit: b1fe6ca175bdbb51a064c1e5519b21d80804e7c6 [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Tue Nov 16 23:15:41 1999 +0000
committer: Bodo Möller <bodo@openssl.org> Tue Nov 16 23:15:41 1999 +0000
tree: 10b79bff688db09e68db3edba6872022c4af1459
parent: 91895a5938695348ebfb6211325cc6e3e449e955 [diff] [blame]
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 961a2ca..dd3b149 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c

@@ -1627,6 +1627,7 @@
 	if (s->session->peer != NULL) /* This should not be needed */
 		X509_free(s->session->peer);
 	s->session->peer=sk_X509_shift(sk);
+	s->session->verify_result = s->verify_result;
 
 	/* With the current implementation, sess_cert will always be NULL
 	 * when we arrive here. */
commit	b1fe6ca175bdbb51a064c1e5519b21d80804e7c6	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Tue Nov 16 23:15:41 1999 +0000
committer	Bodo Möller <bodo@openssl.org>	Tue Nov 16 23:15:41 1999 +0000
tree	10b79bff688db09e68db3edba6872022c4af1459
parent	91895a5938695348ebfb6211325cc6e3e449e955 [diff] [blame]