mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 19:15:36 +00:00
Fix server-initiated renego with non-blocking I/O
This commit is contained in:
parent
a8c0a0dbd0
commit
f07f421759
|
@ -12,6 +12,8 @@ Bugfix
|
|||
* Remove non-existent file from VS projects (found by Peter Vaskovic).
|
||||
* ssl_read() could return non-application data records on server while
|
||||
renegotation was pending, and on client when a HelloRequest was received.
|
||||
* Server-initiated renegotiation would fail with non-blocking I/O if the
|
||||
write callback returned WANT_WRITE when requesting renegotiation.
|
||||
|
||||
Changes
|
||||
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
|
||||
|
|
|
@ -4167,8 +4167,6 @@ static int ssl_write_hello_request( ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
|
||||
|
||||
return( 0 );
|
||||
|
@ -4222,6 +4220,12 @@ int ssl_renegotiate( ssl_context *ssl )
|
|||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
|
||||
|
||||
/* Did we already try/start sending HelloRequest? */
|
||||
if( ssl->out_left != 0 )
|
||||
return( ssl_flush_output( ssl ) );
|
||||
|
||||
return( ssl_write_hello_request( ssl ) );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
|
|
@ -709,6 +709,32 @@ run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
|
|||
-S "SSL - An unexpected message was received from our peer" \
|
||||
-S "failed"
|
||||
|
||||
run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
|
||||
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
|
||||
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
|
||||
0 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-s "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-c "=> renegotiate" \
|
||||
-s "=> renegotiate" \
|
||||
-S "write hello request"
|
||||
|
||||
run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
|
||||
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
|
||||
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
|
||||
0 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-s "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-c "=> renegotiate" \
|
||||
-s "=> renegotiate" \
|
||||
-s "write hello request"
|
||||
|
||||
# Tests for auth_mode
|
||||
|
||||
run_test "Authentication #1 (server badcert, client required)" \
|
||||
|
|
Loading…
Reference in a new issue