PR: 2115

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
author: Dr. Stephen Henson <steve@openssl.org> 2009-12-01 17:41:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-12-01 17:41:42 +0000
commit: d5b8c464991797946aca0f3c5c42ddcd5cd8f7df (patch)
tree: 289c95af28f0228620fbcfb0eb002a30cfdb2839 /ssl/s3_srvr.c
parent: 7805e23588be0a8351c0d72a92767fb758f6f9f5 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 77d7d878e3..ef760098b0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1015,7 +1015,7 @@ int ssl3_get_client_hello(SSL *s)
 
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
+	if (s->version > SSL3_VERSION && s->version != DTLS1_VERSION && s->version != DTLS1_BAD_VER)
 		{
 		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
 			{
@@ -1081,6 +1081,17 @@ int ssl3_get_client_hello(SSL *s)
 			s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
 			}
 		}
+
+	/* DTLS extensions */
+	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+		{
+		if (!ssl_parse_clienthello_dtlsext(s,&p,d,n, &al))
+			{
+				/* 'al' set by ssl_parse_clienthello_dtlsext */
+				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
+				goto f_err;
+			}
+		}
 #endif
 
 	/* Worst case, we will use the NULL compression, but if we have other
author	Dr. Stephen Henson <steve@openssl.org>	2009-12-01 17:41:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-12-01 17:41:42 +0000
commit	d5b8c464991797946aca0f3c5c42ddcd5cd8f7df (patch)
tree	289c95af28f0228620fbcfb0eb002a30cfdb2839 /ssl/s3_srvr.c
parent	7805e23588be0a8351c0d72a92767fb758f6f9f5 (diff)