commit 33e799fe192ed38b83508f8bf6f4b732878327e1
author David Benjamin <davidben@chromium.org> Fri Dec 19 05:45:06 2014 -0500
committer Adam Langley <agl@google.com> Mon Jan 26 18:41:08 2015 +0000
tree e2abe0bce691fbc732d6734b34376c12dc7f14df
parent c898ce752f9a6e95399ee9fb4570339ec3469018

Don't allow CCS just before CertificateVerify in DTLS.

This is the DTLS-side equivalent of 6553b379e2dbda9d03f6892f45fa97e4d8a37f04.

Change-Id: I5eb7f9d6d5030e375baa1406b00e3166d276dc84
Reviewed-on: https://boringssl-review.googlesource.com/3027
Reviewed-by: Adam Langley <agl@google.com>

ssl/d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index e4c57c3..5bce98e 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -430,8 +430,6 @@
 
       case SSL3_ST_SR_CERT_VRFY_A:
       case SSL3_ST_SR_CERT_VRFY_B:
-        s->d1->change_cipher_spec_ok = 1;
-        /* we should decide if we expected this one */
         ret = ssl3_get_cert_verify(s);
         if (ret <= 0) {
           goto end;