File openssl-CVE-2015-0205.patch of Package openssl.502

commit 98a0f9660d374f58f79ee0efcc8c1672a805e8e8
Author: Dr. Stephen Henson <>
Date:   Thu Oct 23 20:36:17 2014 +0100

    Unauthenticated DH client certificate fix.
    Fix to prevent use of DH client certificates without sending
    certificate verify message.
    If we've used a client certificate to generate the premaster secret
    ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
    never called.
    We can only skip the certificate verify message in
    ssl3_get_cert_verify if the client didn't send a certificate.
    Thanks to Karthikeyan Bhargavan for reporting this issue.
    Reviewed-by: Matt Caswell <>

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d883f86..fadca74 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3014,7 +3014,7 @@ int ssl3_get_cert_verify(SSL *s)
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
-		if ((peer != NULL) && (type & EVP_PKT_SIGN))
+		if (peer != NULL)
openSUSE Build Service is sponsored by