If legacy renegotiation is not permitted then send a fatal alert if a patched
authorDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jan 2010 18:49:19 +0000 (18:49 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jan 2010 18:49:19 +0000 (18:49 +0000)
server attempts to renegotiate with an unpatched client.

ssl/s3_srvr.c

index 8c8c1486ee2e4588d3a4655b4fe5738ca51ba92e..00fc2616b77a472a58373477a6d0482231648d0e 100644 (file)
@@ -271,6 +271,18 @@ int ssl3_accept(SSL *s)
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->stats.sess_accept++;
                                }
+                       else if (!s->s3->send_connection_binding &&
+                               !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                               {
+                               /* Server attempting to renegotiate with
+                                * client that doesn't support secure
+                                * renegotiation.
+                                */
+                               SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                               ret = -1;
+                               goto end;
+                               }
                        else
                                {
                                /* s->state == SSL_ST_RENEGOTIATE,