commit 08a1d4bce1f2662cc08af43fa1947a1e47ef6bee
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Sep 26 10:35:50 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:32:39 2014 +0200
tree bc21a5b5a3db67ecf75e97093002916ebb6aa55a
parent d0fd1daa6ba541dcb6d85e065fe412abb8083562

Fix bug with client auth with DTLS

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 333e58e..603d169 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3454,10 +3454,10 @@
     if( ssl->endpoint  == SSL_IS_SERVER &&
         ssl->minor_ver != SSL_MINOR_VERSION_0 )
     {
-        if( ssl->in_hslen   == 7                    &&
+        if( ssl->in_hslen   == 3 + ssl_hs_hdr_len( ssl ) &&
             ssl->in_msgtype == SSL_MSG_HANDSHAKE    &&
             ssl->in_msg[0]  == SSL_HS_CERTIFICATE   &&
-            memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
+            memcmp( ssl->in_msg + ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
         {
             SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );