diff options
author | Todd Short <tshort@akamai.com> | 2017-05-10 16:46:14 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-06 22:39:41 +0100 |
commit | db0f35dda18403accabe98e7780f3dfc516f49de (patch) | |
tree | 68a7b32f8f99c5624e2d0bb1089f6bf34047f01f /ssl/record | |
parent | 270d65fa34caa974fb27c9b161b0c9b6cd806c76 (diff) |
Fix #2400 Add NO_RENEGOTIATE option
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)
Diffstat (limited to 'ssl/record')
-rw-r--r-- | ssl/record/rec_layer_s3.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 01caf4c372..045a74c113 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1433,13 +1433,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (s->server && SSL_is_init_finished(s) && - !s->s3->send_connection_binding && (s->version > SSL3_VERSION) && !SSL_IS_TLS13(s) && + (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len >= 4) && (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && (s->session != NULL) && (s->session->cipher != NULL) && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + ((!s->s3->send_connection_binding && + !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) || + (s->options & SSL_OP_NO_RENEGOTIATION))) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); |