author | miod <> | 2014-07-11 13:21:15 +0000 |
---|---|---|
committer | miod <> | 2014-07-11 13:21:15 +0000 |
commit | c2265cc8b8f01c8a364e89b8653c576067f4b402 (patch) | |
tree | 26dcc33823a82f45e28a6ed7816b8db301fbf2d1 /src | |
parent | 581085583b9250f6e881a0832b6849347b42a864 (diff) | |
Accept CCS again after `finished' has been sent by the client; at this point
keys have been correctly set up so it is ok to accept CCS from the server.
Without this, renegotiation can sometimes fail.
OpenSSL PR #3400 via OpenSSL trunk.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/s3_clnt.c | 11 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 11 |
2 files changed, 12 insertions, 10 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index b70719f75a..017aaaecba 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: s3_clnt.c,v 1.75 2014/07/11 09:24:44 beck Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.76 2014/07/11 13:21:15 miod Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -497,12 +497,13 @@ ssl3_connect(SSL *s) | |||
497 | 497 | ||
498 | case SSL3_ST_CW_FINISHED_A: | 498 | case SSL3_ST_CW_FINISHED_A: |
499 | case SSL3_ST_CW_FINISHED_B: | 499 | case SSL3_ST_CW_FINISHED_B: |
500 | ret = ssl3_send_finished(s, | 500 | ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, |
501 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | 501 | SSL3_ST_CW_FINISHED_B, |
502 | s->method->ssl3_enc->client_finished_label, | 502 | s->method->ssl3_enc->client_finished_label, |
503 | s->method->ssl3_enc->client_finished_label_len); | 503 | s->method->ssl3_enc->client_finished_label_len); |
504 | if (ret <= 0) | 504 | if (ret <= 0) |
505 | goto end; | 505 | goto end; |
506 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
506 | s->state = SSL3_ST_CW_FLUSH; | 507 | s->state = SSL3_ST_CW_FLUSH; |
507 | 508 | ||
508 | /* clear flags */ | 509 | /* clear flags */ |
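Review bot: `s->s3->flags |= SSL3_FLAGS_CCS_OK;` is set unconditionally once ssl3_send_finished() succeeds, with no comment and no distinction between a full and a resumed handshake. On the resumed path the server's CCS has presumably already been consumed before the client sends Finished, so unless the flag is cleared elsewhere (not visible in this hunk) it would stay set after the handshake completes and widen the window in which a ChangeCipherSpec is accepted. Consider `if (!s->hit) s->s3->flags |= SSL3_FLAGS_CCS_OK;`, or confirm where the flag is reset, and add a comment such as `/* Our Finished is out and keys are installed: a server CCS is legitimate from here. */`. The same line appears in the src/lib/libssl/src/ssl/s3_clnt.c copy, and the case body continues past the end of the hunk.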
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index b70719f75a..017aaaecba 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: s3_clnt.c,v 1.75 2014/07/11 09:24:44 beck Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.76 2014/07/11 13:21:15 miod Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -497,12 +497,13 @@ ssl3_connect(SSL *s) | |||
497 | 497 | ||
498 | case SSL3_ST_CW_FINISHED_A: | 498 | case SSL3_ST_CW_FINISHED_A: |
499 | case SSL3_ST_CW_FINISHED_B: | 499 | case SSL3_ST_CW_FINISHED_B: |
500 | ret = ssl3_send_finished(s, | 500 | ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, |
501 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | 501 | SSL3_ST_CW_FINISHED_B, |
502 | s->method->ssl3_enc->client_finished_label, | 502 | s->method->ssl3_enc->client_finished_label, |
503 | s->method->ssl3_enc->client_finished_label_len); | 503 | s->method->ssl3_enc->client_finished_label_len); |
504 | if (ret <= 0) | 504 | if (ret <= 0) |
505 | goto end; | 505 | goto end; |
506 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
506 | s->state = SSL3_ST_CW_FLUSH; | 507 | s->state = SSL3_ST_CW_FLUSH; |
507 | 508 | ||
508 | /* clear flags */ | 509 | /* clear flags */ |