Use correct header length in ssl3_send_certifcate_request
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bfd0524..5d0432f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -2106,12 +2106,12 @@ { name=sk_X509_NAME_value(sk,i); j=i2d_X509_NAME(name,NULL); - if (!BUF_MEM_grow_clean(buf,4+n+j+2)) + if (!BUF_MEM_grow_clean(buf,SSL_HM_HEADER_LENGTH(s)+n+j+2)) { SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); goto err; } - p=(unsigned char *)&(buf->data[4+n]); + p = ssl_handshake_start(s) + n; if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) { s2n(j,p);