yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-04-26 08:46:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secure renegotiation extension should only be sent in case client supports secure renegotiation

Browse source
This commit is contained in:
Paul Bakker 2013-06-06 11:22:13 +02:00
parent 822e958bb2
commit 7c3c3899cf
2 changed files with 27 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,5 +1,10 @@
PolarSSL ChangeLog PolarSSL ChangeLog
= Branch 1.2
Bugfix
* Secure renegotiation extension should only be sent in case client
supports secure renegotiation
= Version 1.2.7 released 2013-04-13 = Version 1.2.7 released 2013-04-13
Features Features
* Ability to specify allowed ciphersuites based on the protocol version. * Ability to specify allowed ciphersuites based on the protocol version.

3
library/ssl_srv.c
View file

@ -864,6 +864,8 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
ssl->session_negotiate->compression ) ); ssl->session_negotiate->compression ) );
if( ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION )
{
SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) ); SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) );
ext_len += 5 + ssl->verify_data_len * 2; ext_len += 5 + ssl->verify_data_len * 2;
@ -889,6 +891,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
p += ssl->verify_data_len; p += ssl->verify_data_len;
memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len; p += ssl->verify_data_len;
}
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msgtype = SSL_MSG_HANDSHAKE;