Fix NPN implementation for renegotiation.

author Bodo Möller <bodo@openssl.org>

Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)

committer Bodo Möller <bodo@openssl.org>

Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)
author Bodo Möller <bodo@openssl.org>
Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)
committer Bodo Möller <bodo@openssl.org>
Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 5597e13bb01b387eb828b15099a21b6ae6f75240..a32978be305bd4b00b4508baf9c290bd340df8f5 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -465,7 +465,7 @@ int ssl3_connect(SSL *s)
  #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                         s->state=SSL3_ST_CW_FINISHED_A;
  #else
-                       if (s->next_proto_negotiated)
+                       if (s->s3->next_proto_neg_seen)
                                 s->state=SSL3_ST_CW_NEXT_PROTO_A;
                         else
                                 s->state=SSL3_ST_CW_FINISHED_A;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 7b54dc9cd19e6b272699100a816a9ee99268f297..92eb35b61d42f015ded4e60cb8047abf7b2b8083 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -836,6 +836,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  
         s->servername_done = 0;
         s->tlsext_status_type = -1;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       s->s3->next_proto_neg_seen = 0;
+#endif
  
         if (data >= (d+n-2))
                 goto ri_check;
@@ -1305,6 +1308,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
         int tlsext_servername = 0;
         int renegotiate_seen = 0;
  
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       s->s3->next_proto_neg_seen = 0;
+#endif
+
         if (data >= (d+n-2))
                 goto ri_check;
  
@@ -1431,7 +1438,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         s->tlsext_status_expected = 1;
                         }
  #ifndef OPENSSL_NO_NEXTPROTONEG
-               else if (type == TLSEXT_TYPE_next_proto_neg)
+               else if (type == TLSEXT_TYPE_next_proto_neg &&
+                        s->s3->tmp.finish_md_len == 0)
                         {
                         unsigned char *selected;
                         unsigned char selected_len;
@@ -1461,6 +1469,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                 }
                         memcpy(s->next_proto_negotiated, selected, selected_len);
                         s->next_proto_negotiated_len = selected_len;
+                       s->s3->next_proto_neg_seen = 1;
                         }
  #endif
                 else if (type == TLSEXT_TYPE_renegotiate)
author	Bodo Möller <bodo@openssl.org>
	Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)
ssl/s3_clnt.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history