diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-07 19:09:32 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-07 19:09:32 +0000 |
commit | 3798a4d0597c8c665b41f6211f22c763b22f245b (patch) | |
tree | 8b8dd1ed2da65f7e6ba30c0d8ee86618647b0fad | |
parent | 5b8246d6eb31b88709b4fc1e1d5318be2cc0ca6f (diff) |
Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
-rw-r--r-- | ssl/ssl_lib.c | 5 | ||||
-rw-r--r-- | ssl/t1_lib.c | 7 |
2 files changed, 6 insertions, 6 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b0bd720539..231f87b307 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1300,10 +1300,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, p+=j; } /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if no extensions (i.e. SSL3 is client_version) - * since spec RECOMMENDS not sending both RI and SCSV. + * add SCSV if not renegotiating. */ - if (p != q) + if (p != q && !s->new_session) { static SSL_CIPHER scsv = { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8625b57104..ce24f89746 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -174,9 +174,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ret+=size_str; } - - /* Add the renegotiation option: TODOEKR switch */ - { + + /* Add RI if renegotiating */ + if (s->new_session) + { int el; if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) |