If legacy renegotiation is not permitted then send a fatal alert if a patched

server attempts to renegotiate with an unpatched client.
author: Dr. Stephen Henson <steve@openssl.org> 2010-01-22 18:49:34 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-22 18:49:34 +0000
commit: 3a88efd48c4de1e6d46f1b379dd3ff84847297d5 (patch)
tree: 53a152f03ed196f187ebd82dd76e37f0f4eef93f /ssl
parent: 3243698f1d629eafe6c2759b132545fbdf8722d6 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8c8c1486ee..00fc2616b7 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -271,6 +271,18 @@ int ssl3_accept(SSL *s)
 				s->state=SSL3_ST_SR_CLNT_HELLO_A;
 				s->ctx->stats.sess_accept++;
 				}
+			else if (!s->s3->send_connection_binding &&
+				!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+				{
+				/* Server attempting to renegotiate with
+				 * client that doesn't support secure
+				 * renegotiation.
+				 */
+				SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+				ret = -1;
+				goto end;
+				}
 			else
 				{
 				/* s->state == SSL_ST_RENEGOTIATE,
author	Dr. Stephen Henson <steve@openssl.org>	2010-01-22 18:49:34 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-01-22 18:49:34 +0000
commit	3a88efd48c4de1e6d46f1b379dd3ff84847297d5 (patch)
tree	53a152f03ed196f187ebd82dd76e37f0f4eef93f /ssl
parent	3243698f1d629eafe6c2759b132545fbdf8722d6 (diff)