Handle the server refusing to reneg in a reneg_setup
authorTodd Short <tshort@akamai.com>
Fri, 12 May 2017 13:02:41 +0000 (09:02 -0400)
committerMatt Caswell <matt@openssl.org>
Tue, 6 Jun 2017 21:39:41 +0000 (22:39 +0100)
During setup of a reneg test the server can refuse to start reneg.
If that happens we should let the client continue and then fail.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)

test/handshake_helper.c

index 8ad35ce31123cf473e363f8ad99a557a313d8520..509a8f6ede357e64683b8f382a609f79cd91c389 100644 (file)
@@ -764,6 +764,17 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
     int ret;
     char buf;
 
+    if (peer->status == PEER_SUCCESS) {
+        /*
+         * We are a client that succeeded this step previously, but the server
+         * wanted to retry. Probably there is a no_renegotiation warning alert
+         * waiting for us. Attempt to continue the handshake.
+         */
+        peer->status = PEER_RETRY;
+        do_handshake_step(peer);
+        return;
+    }
+    
     TEST_check(peer->status == PEER_RETRY);
     TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
                 || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT