diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-01-03 22:03:07 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-01-03 22:03:07 +0000 |
| commit | 7b2dd292bc755de87199bbb47418c0c6083ce74e (patch) | |
| tree | b327f6f773c60d47bedae5cc2ae12e980cffd3c7 | |
| parent | ab585551c0a577d9a91825d446465905a5ea17e3 (diff) | |
only send heartbeat extension from server if client sent one
| -rw-r--r-- | ssl/t1_lib.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 01e8fc9c68..82d490a94f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -812,17 +812,20 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha } #ifndef OPENSSL_NO_HEARTBEATS - /* Add Heartbeat extension */ - s2n(TLSEXT_TYPE_heartbeat,ret); - s2n(1,ret); - /* Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) - *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; - else - *(ret++) = SSL_TLSEXT_HB_ENABLED; + /* Add Heartbeat extension if we've received one */ + if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) + { + s2n(TLSEXT_TYPE_heartbeat,ret); + s2n(1,ret); + /* Set mode: + * 1: peer may send requests + * 2: peer not allowed to send requests + */ + if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) + *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; + else + *(ret++) = SSL_TLSEXT_HB_ENABLED; + } #endif #ifndef OPENSSL_NO_NEXTPROTONEG |