add missing part for SGC restart fix (CVE-2011-4619)
This commit is contained in:
Dr. Stephen Henson
parent
8206dba75c
commit
63819e6f00
11
ssl/ssl3.h
11
ssl/ssl3.h
@ -380,6 +380,17 @@ typedef struct ssl3_buffer_st
|
|||||||
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
|
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
|
||||||
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
|
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
|
||||||
|
|
||||||
|
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
|
||||||
|
* restart a handshake because of MS SGC and so prevents us
|
||||||
|
* from restarting the handshake in a loop. It's reset on a
|
||||||
|
* renegotiation, so effectively limits the client to one restart
|
||||||
|
* per negotiation. This limits the possibility of a DDoS
|
||||||
|
* attack where the client handshakes in a loop using SGC to
|
||||||
|
* restart. Servers which permit renegotiation can still be
|
||||||
|
* effected, but we can't prevent that.
|
||||||
|
*/
|
||||||
|
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
|
||||||
|
|
||||||
typedef struct ssl3_state_st
|
typedef struct ssl3_state_st
|
||||||
{
|
{
|
||||||
long flags;
|
long flags;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user