Fix for Netscape "hang" bug.
diff --git a/CHANGES b/CHANGES
index 6457df5..b436189 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) Work around for Netscape hang bug. This sends certificate request
+ and server done in one record. Since this is perfectly legal in the
+ SSL/TLS protocol it isn't a "bug" option and is on by default. See
+ the bugs/SSLv3 entry for more info.
+ [Steve Henson]
+
*) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
[Andy Polyakov]
diff --git a/bugs/SSLv3 b/bugs/SSLv3
index 2e22a65..db53e13 100644
--- a/bugs/SSLv3
+++ b/bugs/SSLv3
@@ -39,3 +39,11 @@
Netscape, when using export ciphers, will accept a 1024 bit temporary
RSA key. It is supposed to only accept 512.
+
+If Netscape connects to a server which requests a client certificate
+it will frequently hang after the user has selected one and never
+complete the connection. Hitting "Stop" and reload fixes this and
+all subsequent connections work fine. This appears to be because
+Netscape wont read any new records in when it is awaiting a server
+done message at this point. The fix is to send the certificate request
+and server done messages in one record.
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b6b09e9..c18b9c9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -57,6 +57,8 @@
*/
#define REUSE_CIPHER_BUG
+#define NETSCAPE_HANG_BUG
+
#include <stdio.h>
#include <openssl/buffer.h>
@@ -313,7 +315,12 @@
s->s3->tmp.cert_request=1;
ret=ssl3_send_certificate_request(s);
if (ret <= 0) goto end;
+#ifndef NETSCAPE_HANG_BUG
s->state=SSL3_ST_SW_SRVR_DONE_A;
+#else
+ s->state=SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#endif
s->init_num=0;
}
break;
@@ -1194,6 +1201,17 @@
s->init_num=n+4;
s->init_off=0;
+#ifdef NETSCAPE_HANG_BUG
+ p=(unsigned char *)s->init_buf->data + s->init_num;
+
+ /* do the header */
+ *(p++)=SSL3_MT_SERVER_DONE;
+ *(p++)=0;
+ *(p++)=0;
+ *(p++)=0;
+ s->init_num += 4;
+#endif
+
}
/* SSL3_ST_SW_CERT_REQ_B */
