mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:45:27 +00:00
Fix server-initiated renego with non-blocking I/O
parent
a8c0a0dbd0
commit
f07f421759
|
@ -12,6 +12,8 @@ Bugfix
|
||||||
* Remove non-existent file from VS projects (found by Peter Vaskovic).
|
* Remove non-existent file from VS projects (found by Peter Vaskovic).
|
||||||
* ssl_read() could return non-application data records on server while
|
* ssl_read() could return non-application data records on server while
|
||||||
renegotation was pending, and on client when a HelloRequest was received.
|
renegotation was pending, and on client when a HelloRequest was received.
|
||||||
|
* Server-initiated renegotiation would fail with non-blocking I/O if the
|
||||||
|
write callback returned WANT_WRITE when requesting renegotiation.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
|
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
|
||||||
|
|
|
@ -4167,8 +4167,6 @@ static int ssl_write_hello_request( ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
|
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
|
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -4222,6 +4220,12 @@ int ssl_renegotiate( ssl_context *ssl )
|
||||||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
|
||||||
|
|
||||||
|
/* Did we already try/start sending HelloRequest? */
|
||||||
|
if( ssl->out_left != 0 )
|
||||||
|
return( ssl_flush_output( ssl ) );
|
||||||
|
|
||||||
return( ssl_write_hello_request( ssl ) );
|
return( ssl_write_hello_request( ssl ) );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_SSL_SRV_C */
|
#endif /* POLARSSL_SSL_SRV_C */
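Review bot: In the ssl_renegotiate() hunk, `ssl->out_left != 0` is the only evidence used to decide that a HelloRequest is already in flight, and `ssl->renegotiation` is set to SSL_RENEGOTIATION_PENDING before anything has been written. If unflushed output from an earlier record can still be pending when the function is entered (not visible here; the function starts outside the hunk), the call would flush that data and return 0 without ever queuing the HelloRequest, leaving the server waiting on a renegotiation the client was never asked for. The pending state also survives a hard error from ssl_write_hello_request(), where the old code set it only after a successful write. I would at least document the precondition above the check, e.g. `/* Assumes any pending output is our HelloRequest: callers must have flushed earlier records before calling ssl_renegotiate() */`, and state whether PENDING is meant to persist when the send fails outright.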
|
||||||
|
|
|
@ -709,6 +709,32 @@ run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
|
||||||
-S "SSL - An unexpected message was received from our peer" \
|
-S "SSL - An unexpected message was received from our peer" \
|
||||||
-S "failed"
|
-S "failed"
|
||||||
|
|
||||||
|
run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
|
||||||
|
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
|
||||||
|
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
|
||||||
|
0 \
|
||||||
|
-c "client hello, adding renegotiation extension" \
|
||||||
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||||
|
-s "found renegotiation extension" \
|
||||||
|
-s "server hello, secure renegotiation extension" \
|
||||||
|
-c "found renegotiation extension" \
|
||||||
|
-c "=> renegotiate" \
|
||||||
|
-s "=> renegotiate" \
|
||||||
|
-S "write hello request"
|
||||||
|
|
||||||
|
run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
|
||||||
|
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
|
||||||
|
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
|
||||||
|
0 \
|
||||||
|
-c "client hello, adding renegotiation extension" \
|
||||||
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||||
|
-s "found renegotiation extension" \
|
||||||
|
-s "server hello, secure renegotiation extension" \
|
||||||
|
-c "found renegotiation extension" \
|
||||||
|
-c "=> renegotiate" \
|
||||||
|
-s "=> renegotiate" \
|
||||||
|
-s "write hello request"
|
||||||
|
|
||||||
# Tests for auth_mode
|
# Tests for auth_mode
|
||||||
|
|
||||||
run_test "Authentication #1 (server badcert, client required)" \
|
run_test "Authentication #1 (server badcert, client required)" \
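Review bot: Renegotiation #11 asserts only that a HelloRequest was written and the renegotiation completed; none of its patterns shows that the write callback returned WANT_WRITE while the request was being sent, which is the case the new `out_left` branch in ssl_renegotiate() handles. Whether `nbio=2` forces that on every run cannot be seen from this hunk. If it does, a comment above the test would keep the dependency visible, e.g. `# relies on nbio=2 making the HelloRequest send return WANT_WRITE at least once`; if it does not, the test can pass without covering the fix.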
|
||||||
|
|