diff options
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 740fe97192..7032175aac 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.68 2024/07/22 14:47:15 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.69 2025/03/12 14:03:55 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -900,6 +900,12 @@ ssl3_read_handshake_unexpected(SSL *s) | |||
| 900 | tls_buffer_free(s->s3->handshake_fragment); | 900 | tls_buffer_free(s->s3->handshake_fragment); |
| 901 | s->s3->handshake_fragment = NULL; | 901 | s->s3->handshake_fragment = NULL; |
| 902 | 902 | ||
| 903 | if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { | ||
| 904 | ssl3_send_alert(s, SSL3_AL_WARNING, | ||
| 905 | SSL_AD_NO_RENEGOTIATION); | ||
| 906 | return 1; | ||
| 907 | } | ||
| 908 | |||
| 903 | /* | 909 | /* |
| 904 | * It should be impossible to hit this, but keep the safety | 910 | * It should be impossible to hit this, but keep the safety |
| 905 | * harness for now... | 911 | * harness for now... |
| @@ -947,7 +953,9 @@ ssl3_read_handshake_unexpected(SSL *s) | |||
| 947 | return -1; | 953 | return -1; |
| 948 | } | 954 | } |
| 949 | 955 | ||
| 950 | if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { | 956 | if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0 || |
| 957 | ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 && | ||
| 958 | (s->options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) == 0)) { | ||
| 951 | ssl3_send_alert(s, SSL3_AL_FATAL, | 959 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 952 | SSL_AD_NO_RENEGOTIATION); | 960 | SSL_AD_NO_RENEGOTIATION); |
| 953 | return -1; | 961 | return -1; |