authorDr. Stephen Henson <steve@openssl.org>2009-12-27 23:03:40 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-12-27 23:03:40 +0000
commit5f409487146a78c4e5619dcb2587a1d9c824f875 (patch)
tree7f85255ec00fdf23d776753a42713eb9b5a1ccb2 /ssl
parentc22050be29909df889d14c45d6a068bb76355637 (diff)
Update RI to match latest spec.
MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl3.h4
-rw-r--r--ssl/ssl_lib.c18
-rw-r--r--ssl/t1_reneg.c12
3 files changed, 19 insertions, 15 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 7ad803833d..b5f61f0217 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -130,8 +130,8 @@ extern "C" {
#endif
/* Magic Cipher Suite Value. NB: bogus value used for testing */
-#ifndef SSL3_CK_MCSV
-#define SSL3_CK_MCSV 0x03000FEC
+#ifndef SSL3_CK_SCSV
+#define SSL3_CK_SCSV 0x03000FEC
#endif
#define SSL3_CK_RSA_NULL_MD5 0x03000001
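Review bot: The comment above the renamed macro still reads "Magic Cipher Suite Value" and still marks 0x03000FEC as a bogus test value, so the header does not yet match the spec the commit title refers to. I would change it to `/* Signalling Cipher Suite Value (SCSV). NB: placeholder value used for testing, not the assigned code point */` and track replacing the value. RFC 5746 as published assigns {0x00, 0xFF} to TLS_EMPTY_RENEGOTIATION_INFO_SCSV, and a peer that only knows the assigned value will not treat this one as the renegotiation signal. Because the definition sits inside `#ifndef`, a build that overrode `SSL3_CK_MCSV` on the command line now silently falls back to the default, which deserves a line in the change notes.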
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 31f76abd1a..f2999ead7f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1300,18 +1300,18 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
p+=j;
}
/* If p == q, no ciphers and caller indicates an error, otherwise
- * add MCSV
+ * add SCSV
*/
if (p != q)
{
- static SSL_CIPHER msvc =
+ static SSL_CIPHER scsv =
{
- 0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0,
+ 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0,
};
- j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p);
+ j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
p+=j;
#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "MCSV sent by client\n");
+ fprintf(stderr, "SCSV sent by client\n");
#endif
}
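Review bot: The guard around the SCSV append is still `if (p != q)`, so as far as this hunk shows the SCSV is written after every non-empty cipher list, including a renegotiation ClientHello, although the description says it is no longer sent when renegotiating. Unless the caller handles this outside the diff, the condition also needs the renegotiation state, for example `if (p != q && !s->new_session)` if `new_session` is the flag this tree uses for a renegotiation in progress. This matters for interoperability, since the renegotiation-indication spec has a server abort the handshake when it sees the SCSV during a renegotiation. ssl_cipher_list_to_bytes starts and ends outside the hunk, so the room reserved in `p` for the extra suite cannot be checked from here.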
@@ -1343,15 +1343,15 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
for (i=0; i<num; i+=n)
{
- /* Check for MCSV */
+ /* Check for SCSV */
if (s->s3 && (n != 3 || !p[0]) &&
- (p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) &&
- (p[n-1] == (SSL3_CK_MCSV & 0xff)))
+ (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+ (p[n-1] == (SSL3_CK_SCSV & 0xff)))
{
s->s3->send_connection_binding = 1;
p += n;
#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "MCSV received by server\n");
+ fprintf(stderr, "SCSV received by server\n");
#endif
continue;
}
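Review bot: The SCSV branch sets `s->s3->send_connection_binding = 1` for any ClientHello that carries the value, with no check that this is an initial handshake. On a renegotiation the SCSV should be a fatal error rather than an accepted signal, because the client is then expected to prove continuity with a non-empty RI extension. Whether that is enforced elsewhere is not visible in this hunk. I would add a check at the top of the branch that sends a handshake_failure alert and fails the parse when the connection is already renegotiating, with a comment such as `/* SCSV is only valid on an initial handshake */`. The function's start and its error path are outside the hunk.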
diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
index 07fd5cb570..9c2cc3c712 100644
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -131,7 +131,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "RI extension sent by client\n");
+ fprintf(stderr, "%s RI extension sent by client\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
}
@@ -182,7 +183,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "RI extension received by server\n");
+ fprintf(stderr, "%s RI extension received by server\n",
+ ilen ? "Non-empty" : "Empty");
#endif
s->s3->send_connection_binding=1;
@@ -214,7 +216,8 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "RI extension sent by server\n");
+ fprintf(stderr, "%s RI extension sent by server\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
}
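Review bot: The new debug line in ssl_add_serverhello_renegotiate_ext tests `s->s3->previous_client_finished_len`, while the memcpy directly above copies `previous_server_finished`, so it reads like a copy-paste from the ClientHello variant. If both lengths are always zero together on an initial handshake the output is the same, but that invariant is not visible here. I would either test the server length or add a comment such as `/* client and server finished lengths are both zero on an initial handshake */`. The enclosing function begins outside the hunk.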
@@ -280,7 +283,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "RI extension received by client\n");
+ fprintf(stderr, "%s RI extension received by client\n",
+ ilen ? "Non-empty" : "Empty");
#endif
s->s3->send_connection_binding=1;