Simplify RI+SCSV logic:

1. Send SCSV is not renegotiating, never empty RI. 2. Send RI if renegotiating.
author: Dr. Stephen Henson <steve@openssl.org> 2010-01-07 19:05:03 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-07 19:05:03 +0000
commit: 73ff97ad7618a33efe4c6b20580d923bc3dd6d7e (patch)
tree: bebdbf8f9950dcfbac0c9c3851cff93f21e05d8f /ssl
parent: 0d8ffc20073f35e4e2155bc3432c2d00d273cddf (diff)
2 files changed, 5 insertions, 5 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b265b4d45f..b72a970648 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1370,10 +1370,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		p+=j;
 		}
 	/* If p == q, no ciphers and caller indicates an error. Otherwise
-	 * add SCSV if no extensions (i.e. SSL3 is client_version)
-	 * since spec RECOMMENDS not sending both RI and SCSV.
+	 * add SCSV if not renegotiating.
 	 */
-	if (p != q && !s->new_session && s->client_version == SSL3_VERSION)
+	if (p != q && !s->new_session)
 		{
 		static SSL_CIPHER scsv =
 			{
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4eb6d13840..4cb171e6d4 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -316,8 +316,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		ret+=size_str;
 		}
 
-        /* Add the renegotiation option: TODOEKR switch */
-        {
+        /* Add RI if renegotiating */
+        if (s->new_session)
+          {
           int el;
           
           if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
author	Dr. Stephen Henson <steve@openssl.org>	2010-01-07 19:05:03 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-01-07 19:05:03 +0000
commit	73ff97ad7618a33efe4c6b20580d923bc3dd6d7e (patch)
tree	bebdbf8f9950dcfbac0c9c3851cff93f21e05d8f /ssl
parent	0d8ffc20073f35e4e2155bc3432c2d00d273cddf (diff)