diff options
Diffstat (limited to 'ssl/t1_reneg.c')
-rw-r--r-- | ssl/t1_reneg.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c index 5222094f28..07fd5cb570 100644 --- a/ssl/t1_reneg.c +++ b/ssl/t1_reneg.c @@ -130,10 +130,14 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, memcpy(p, s->s3->previous_client_finished, s->s3->previous_client_finished_len); +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "RI extension sent by client\n"); +#endif } *len=s->s3->previous_client_finished_len + 1; - + + return 1; } @@ -166,7 +170,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, if(ilen != s->s3->previous_client_finished_len) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_ILLEGAL_PARAMETER; + *al=SSL_AD_HANDSHAKE_FAILURE; return 0; } @@ -174,9 +178,12 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_ILLEGAL_PARAMETER; + *al=SSL_AD_HANDSHAKE_FAILURE; return 0; } +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "RI extension received by server\n"); +#endif s->s3->send_connection_binding=1; @@ -206,6 +213,9 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, memcpy(p, s->s3->previous_server_finished, s->s3->previous_server_finished_len); +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "RI extension sent by server\n"); +#endif } *len=s->s3->previous_client_finished_len @@ -249,7 +259,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, if(ilen != expected_len) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_ILLEGAL_PARAMETER; + *al=SSL_AD_HANDSHAKE_FAILURE; return 0; } @@ -257,7 +267,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); - *al=SSL_AD_ILLEGAL_PARAMETER; + *al=SSL_AD_HANDSHAKE_FAILURE; return 0; } d += s->s3->previous_client_finished_len; @@ -269,6 +279,10 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, *al=SSL_AD_ILLEGAL_PARAMETER; return 0; } +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "RI extension received by client\n"); +#endif + s->s3->send_connection_binding=1; return 1; } |