projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
e50858c
)
Alert to use is now defined in spec: update code
author
Dr. Stephen Henson
<steve@openssl.org>
Thu, 17 Dec 2009 15:42:52 +0000
(15:42 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Thu, 17 Dec 2009 15:42:52 +0000
(15:42 +0000)
ssl/t1_lib.c
patch
|
blob
|
history
diff --git
a/ssl/t1_lib.c
b/ssl/t1_lib.c
index 667892690b4a69fb119f9a4f2af59b86bdf3b850..c4670346648a3f1331deea8a9f1c3de989a7b869 100644
(file)
--- a/
ssl/t1_lib.c
+++ b/
ssl/t1_lib.c
@@
-971,8
+971,7
@@
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (!renegotiate_seen && s->new_session &&
!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
if (!renegotiate_seen && s->new_session &&
!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
- /* FIXME: Spec currently doesn't give alert to use */
- *al = SSL_AD_ILLEGAL_PARAMETER;
+ *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
@@
-1161,8
+1160,7
@@
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
- /* FIXME: Spec currently doesn't give alert to use */
- *al = SSL_AD_ILLEGAL_PARAMETER;
+ *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;