/* Clear our SSL3_RECORD structures */
memset(wr, 0, sizeof(wr));
for (j = 0; j < numpipes; j++) {
- unsigned int version = SSL_TREAT_AS_TLS13(s) ? TLS1_VERSION : s->version;
+ unsigned int version = SSL_TREAT_AS_TLS13(s) ? TLS1_2_VERSION
+ : s->version;
unsigned char *compressdata = NULL;
size_t maxcomplen;
unsigned int rectype;
* send early data - so we need to use the tls13enc function.
*/
if (tls13_enc(s, wr, numpipes, 1) < 1) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
- ERR_R_INTERNAL_ERROR);
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
goto err;
}
} else {
if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
- ERR_R_INTERNAL_ERROR);
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
goto err;
}
}
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
*/
- /*
- * If we are a server and get a client hello when renegotiation isn't
- * allowed send back a no renegotiation alert and carry on. WARNING:
- * experimental code, needs reviewing (steve)
- */
- if (s->server &&
- SSL_is_init_finished(s) &&
- (s->version > SSL3_VERSION) &&
- !SSL_IS_TLS13(s) &&
- (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) &&
- (s->rlayer.handshake_fragment_len >= 4) &&
- (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
- (s->session != NULL) && (s->session->cipher != NULL) &&
- ((!s->s3->send_connection_binding &&
- !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ||
- (s->options & SSL_OP_NO_RENEGOTIATION))) {
- SSL3_RECORD_set_length(rr, 0);
- SSL3_RECORD_set_read(rr);
- ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
- goto start;
- }
if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
unsigned int alert_level, alert_descr;
unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
projects / openssl.git / blobdiff