diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-07 19:05:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-07 19:05:03 +0000 |
commit | 73ff97ad7618a33efe4c6b20580d923bc3dd6d7e (patch) | |
tree | bebdbf8f9950dcfbac0c9c3851cff93f21e05d8f /ssl | |
parent | 0d8ffc20073f35e4e2155bc3432c2d00d273cddf (diff) |
Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 5 | ||||
-rw-r--r-- | ssl/t1_lib.c | 5 |
2 files changed, 5 insertions, 5 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b265b4d45f..b72a970648 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1370,10 +1370,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, p+=j; } /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if no extensions (i.e. SSL3 is client_version) - * since spec RECOMMENDS not sending both RI and SCSV. + * add SCSV if not renegotiating. */ - if (p != q && !s->new_session && s->client_version == SSL3_VERSION) + if (p != q && !s->new_session) { static SSL_CIPHER scsv = { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4eb6d13840..4cb171e6d4 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -316,8 +316,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ret+=size_str; } - /* Add the renegotiation option: TODOEKR switch */ - { + /* Add RI if renegotiating */ + if (s->new_session) + { int el; if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) |