ignore Client Hellos when we're in handshake anyway

[openssl.git] / ssl / s3_both.c

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 6236b74572714c9d581c4dc812f59859e64ca8ff..4d8cafe2be48b9c9671bdfa50c5892a6a5be2457 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -285,20 +285,34 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 
        if (s->state == st1) /* s->init_num < 4 */
                {
 
        if (s->state == st1) /* s->init_num < 4 */
                {

-               while (s->init_num < 4)
+               int skip_message;
+
+               do

                        {
                        {

-                       i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
-                               4-s->init_num);
-                       if (i <= 0)
+                       while (s->init_num < 4)

                                {
                                {

-                               s->rwstate=SSL_READING;
-                               *ok = 0;
-                               return i;
+                               i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+                                       4-s->init_num);
+                               if (i <= 0)
+                                       {
+                                       s->rwstate=SSL_READING;
+                                       *ok = 0;
+                                       return i;
+                                       }
+                               s->init_num+=i;

                                }
                                }

-                       s->init_num+=i;
+                       
+                       skip_message = 0;
+                       if (!s->server)
+                               if (p[0] == SSL3_MT_HELLO_REQUEST)
+                                       /* The server may always send 'Hello Request' messages --
+                                        * we are doing a handshake anyway now, so ignore them
+                                        * if their format is correct */
+                                       if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+                                               skip_message = 1;

                        }
                        }

+               while (skip_message);

 
 

-/* XXX server may always send Hello Request */

                if ((mt >= 0) && (*p != mt))
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
                if ((mt >= 0) && (*p != mt))
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;