From 7c3c3899cf528f00b346f465e69d5a59f9e8410e Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 6 Jun 2013 11:22:13 +0200
Subject: [PATCH] Secure renegotiation extension should only be sent in case
 client supports secure renegotiation

---
 ChangeLog         |  5 +++++
 library/ssl_srv.c | 41 ++++++++++++++++++++++-------------------
 2 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5aab8af2b..805ffceaa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 PolarSSL ChangeLog
 
+= Branch 1.2
+Bugfix
+   * Secure renegotiation extension should only be sent in case client
+     supports secure renegotiation
+
 = Version 1.2.7 released 2013-04-13
 Features
    * Ability to specify allowed ciphersuites based on the protocol version.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1678e3146..ee4163359 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -864,31 +864,34 @@ static int ssl_write_server_hello( ssl_context *ssl )
     SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
                    ssl->session_negotiate->compression ) );
 
-    SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) );
-    ext_len += 5 + ssl->verify_data_len * 2;
+    if( ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION )
+    {
+        SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) );
+        ext_len += 5 + ssl->verify_data_len * 2;
 
-    SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d",
-                   ext_len ) );
+        SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d",
+                       ext_len ) );
 
-    *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
+        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
 
-    /*
-     * Secure renegotiation
-     */
-    SSL_DEBUG_MSG( 3, ( "client hello, secure renegotiation extension" ) );
+        /*
+         * Secure renegotiation
+         */
+        SSL_DEBUG_MSG( 3, ( "client hello, secure renegotiation extension" ) );
 
-    *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO      ) & 0xFF );
+        *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
+        *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO      ) & 0xFF );
 
-    *p++ = 0x00;
-    *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
-    *p++ = ssl->verify_data_len * 2 & 0xFF;
+        *p++ = 0x00;
+        *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+        *p++ = ssl->verify_data_len * 2 & 0xFF;
 
-    memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
-    p += ssl->verify_data_len;
-    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
-    p += ssl->verify_data_len;
+        memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+        p += ssl->verify_data_len;
+        memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+        p += ssl->verify_data_len;
+    }
 
     ssl->out_msglen  = p - buf;
     ssl->out_msgtype = SSL_MSG_HANDSHAKE;