Simplify RI+SCSV logic:

1. Send SCSV is not renegotiating, never empty RI. 2. Send RI if renegotiating.
author: Dr. Stephen Henson <steve@openssl.org> 2010-01-07 19:09:32 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-07 19:09:32 +0000
commit: 3798a4d0597c8c665b41f6211f22c763b22f245b (patch)
tree: 8b8dd1ed2da65f7e6ba30c0d8ee86618647b0fad /ssl/ssl_lib.c
parent: 5b8246d6eb31b88709b4fc1e1d5318be2cc0ca6f (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b0bd720539..231f87b307 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1300,10 +1300,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		p+=j;
 		}
 	/* If p == q, no ciphers and caller indicates an error. Otherwise
-	 * add SCSV if no extensions (i.e. SSL3 is client_version)
-	 * since spec RECOMMENDS not sending both RI and SCSV.
+	 * add SCSV if not renegotiating.
 	 */
-	if (p != q)
+	if (p != q && !s->new_session)
 		{
 		static SSL_CIPHER scsv =
 			{
author	Dr. Stephen Henson <steve@openssl.org>	2010-01-07 19:09:32 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-01-07 19:09:32 +0000
commit	3798a4d0597c8c665b41f6211f22c763b22f245b (patch)
tree	8b8dd1ed2da65f7e6ba30c0d8ee86618647b0fad /ssl/ssl_lib.c
parent	5b8246d6eb31b88709b4fc1e1d5318be2cc0ca6f (diff)