Don't send NPN during renegotiation.

author Ben Laurie <ben@openssl.org>

Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)

committer Ben Laurie <ben@openssl.org>

Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)
author Ben Laurie <ben@openssl.org>
Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)
committer Ben Laurie <ben@openssl.org>
Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 1578f17e9791e25466688bf3a1932e8875fb1395..26673cfdee04203cb3a07f07c8faad274e5f6ac1 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -465,7 +465,7 @@ int ssl3_connect(SSL *s)
  #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                         s->state=SSL3_ST_CW_FINISHED_A;
  #else
-                       if (s->next_proto_negotiated)
+                       if (s->s3->next_proto_neg_seen)
                                 s->state=SSL3_ST_CW_NEXT_PROTO_A;
                         else
                                 s->state=SSL3_ST_CW_FINISHED_A;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index f33a93197becfdb80fed423dcda5821822430a7a..e3e3b922d1faad7b011aa2e3f400254d3bdef1ef 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -836,6 +836,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  
         s->servername_done = 0;
         s->tlsext_status_type = -1;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       s->s3->next_proto_neg_seen = 0;
+#endif
  
         if (data >= (d+n-2))
                 goto ri_check;
@@ -1305,6 +1308,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
         int tlsext_servername = 0;
         int renegotiate_seen = 0;
  
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       s->s3->next_proto_neg_seen = 0;
+#endif
+
         if (data >= (d+n-2))
                 goto ri_check;
  
@@ -1431,7 +1438,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         s->tlsext_status_expected = 1;
                         }
  #ifndef OPENSSL_NO_NEXTPROTONEG
-               else if (type == TLSEXT_TYPE_next_proto_neg)
+               else if (type == TLSEXT_TYPE_next_proto_neg &&
+                        s->s3->tmp.finish_md_len == 0)
                         {
                         unsigned char *selected;
                         unsigned char selected_len;
@@ -1461,6 +1469,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                 }
                         memcpy(s->next_proto_negotiated, selected, selected_len);
                         s->next_proto_negotiated_len = selected_len;
+                       s->s3->next_proto_neg_seen = 1;
                         }
  #endif
                 else if (type == TLSEXT_TYPE_renegotiate)
author	Ben Laurie <ben@openssl.org>
	Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)
committer	Ben Laurie <ben@openssl.org>
	Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)
ssl/s3_clnt.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history