generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Alert to use is now defined in spec: update code

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-12-17 15:42:43 +00:00
parent 2d3855fc6e
commit 54bc369ad7
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/t1_lib.c
View File

@ -971,8 +971,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (!renegotiate_seen && s->new_session && if (!renegotiate_seen && s->new_session &&
!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{ {
/* FIXME: Spec currently doesn't give alert to use */ *al = SSL_AD_HANDSHAKE_FAILURE;
*al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0; return 0;
@ -1161,8 +1160,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{ {
/* FIXME: Spec currently doesn't give alert to use */ *al = SSL_AD_HANDSHAKE_FAILURE;
*al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0; return 0;