diff options
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 6a1c837944..c57eacd770 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.8 2017/01/29 15:31:15 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.9 2017/01/31 15:35:46 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1136,6 +1136,14 @@ start: | |||
| 1136 | * now try again to obtain the (application) data we were asked for */ | 1136 | * now try again to obtain the (application) data we were asked for */ |
| 1137 | goto start; | 1137 | goto start; |
| 1138 | } | 1138 | } |
| 1139 | /* Disallow client initiated renegotiation if configured. */ | ||
| 1140 | if (s->server && SSL_is_init_finished(s) && | ||
| 1141 | S3I(s)->handshake_fragment_len >= 4 && | ||
| 1142 | S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && | ||
| 1143 | (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { | ||
| 1144 | al = SSL_AD_NO_RENEGOTIATION; | ||
| 1145 | goto f_err; | ||
| 1146 | } | ||
| 1139 | /* If we are a server and get a client hello when renegotiation isn't | 1147 | /* If we are a server and get a client hello when renegotiation isn't |
| 1140 | * allowed send back a no renegotiation alert and carry on. | 1148 | * allowed send back a no renegotiation alert and carry on. |
| 1141 | * WARNING: experimental code, needs reviewing (steve) | 1149 | * WARNING: experimental code, needs reviewing (steve) |