only send heartbeat extension from server if client sent one
authorDr. Stephen Henson <steve@openssl.org>
Tue, 3 Jan 2012 22:03:07 +0000 (22:03 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 3 Jan 2012 22:03:07 +0000 (22:03 +0000)
ssl/t1_lib.c

index 01e8fc9c6802afb7d87bbd01ad412d604aa3a99e..82d490a94fe318572db4d18efd51821bab0ce224 100644 (file)
@@ -812,17 +812,20 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 
 #ifndef OPENSSL_NO_HEARTBEATS
-       /* Add Heartbeat extension */
-       s2n(TLSEXT_TYPE_heartbeat,ret);
-       s2n(1,ret);
-       /* Set mode:
-        * 1: peer may send requests
-        * 2: peer not allowed to send requests
-        */
-       if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-               *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-       else
-               *(ret++) = SSL_TLSEXT_HB_ENABLED;
+       /* Add Heartbeat extension if we've received one */
+       if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
+               {
+               s2n(TLSEXT_TYPE_heartbeat,ret);
+               s2n(1,ret);
+               /* Set mode:
+                * 1: peer may send requests
+                * 2: peer not allowed to send requests
+                */
+               if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
+                       *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+               else
+                       *(ret++) = SSL_TLSEXT_HB_ENABLED;
+               }
 #endif
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
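Review bot: The new block writes five bytes through `ret` (two `s2n` calls and one `*(ret++)`) with no visible check that they fit in the output buffer. The function's third parameter is cut off in the hunk header, but if it marks the end of the buffer, a guard such as `if ((limit - ret) < 5) return NULL;` should be the first statement inside the new `if`. The name `limit` and the NULL failure convention are assumptions here and should be matched to the other extension blocks of `ssl_add_serverhello_tlsext`, which lie outside the hunk. Separately, `SSL_TLSEXT_HB_ENABLED` and `SSL_TLSEXT_HB_DONT_SEND_REQUESTS` are used both as state bits on `s->tlsext_heartbeat` and as the mode byte written to the wire. A one-line comment saying the flag values are intentionally equal to the protocol mode values would keep a later renumbering from silently changing what is sent.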