Swap branches accepting/refusing renegotiation in in ssl_read

Hanno Becker 2017-10-25 09:33:22 +01:00
parent 75ea35eac8
commit 268191a305


@ -4770,10 +4770,20 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
} }
#endif #endif
if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED || if( ! ( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION && ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
ssl->allow_legacy_renegotiation == ssl->allow_legacy_renegotiation ==
SSL_LEGACY_NO_RENEGOTIATION ) ) SSL_LEGACY_NO_RENEGOTIATION ) ) )
{
ret = ssl_start_renegotiation( ssl );
if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
ret != 0 )
{
SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
return( ret );
}
}
else
{ {
SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) ); SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
@ -4807,16 +4817,6 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
} }
} }
else
{
ret = ssl_start_renegotiation( ssl );
if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
ret != 0 )
{
SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
return( ret );
}
}
return( POLARSSL_ERR_NET_WANT_READ ); return( POLARSSL_ERR_NET_WANT_READ );
} }
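Review bot: The new accept test at the top of the first hunk, `if( ! ( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED || ( ... ) ) )`, is a negated compound guarding a security-sensitive path, and it has no comment, so a reader must apply De Morgan by hand to see when `ssl_start_renegotiation()` runs. I would add a comment above it, for example `/* Accept only if renegotiation is enabled and, when the peer lacks secure renegotiation, legacy renegotiation is not SSL_LEGACY_NO_RENEGOTIATION; otherwise refuse with an alert. */`. Because acceptance is defined as everything the refuse test does not match, any other value of `allow_legacy_renegotiation` reaches the accept branch. That looks unchanged from the old `else`, but it is worth confirming that this default-accept shape is intended. The body of `ssl_read` starts before and continues after both hunks, so the alert-sending code in the `else` branch is only partly visible here.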