summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
-rw-r--r--src/lib/libssl/t1_lib.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 417b90381b..c4eeb7a41d 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1296,8 +1296,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1296 1296
1297 /* Need RI if renegotiating */ 1297 /* Need RI if renegotiating */
1298 1298
1299 if (!renegotiate_seen && s->renegotiate && 1299 if (!renegotiate_seen && s->renegotiate) {
1300 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
1301 *al = SSL_AD_HANDSHAKE_FAILURE; 1300 *al = SSL_AD_HANDSHAKE_FAILURE;
1302 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 1301 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
1303 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1302 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
@@ -1533,8 +1532,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
1533 * absence on initial connect only. 1532 * absence on initial connect only.
1534 */ 1533 */
1535 if (!renegotiate_seen 1534 if (!renegotiate_seen
1536 && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) 1535 && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1537 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
1538 *al = SSL_AD_HANDSHAKE_FAILURE; 1536 *al = SSL_AD_HANDSHAKE_FAILURE;
1539 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 1537 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
1540 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1538 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 16:06:16 +0000