If legacy renegotiation is not permitted then send a fatal alert if a patched
authorDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jan 2010 18:49:43 +0000 (18:49 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jan 2010 18:49:43 +0000 (18:49 +0000)
server attempts to renegotiate with an unpatched client.

ssl/s3_srvr.c

index a3bb3ae..789447e 100644 (file)
@@ -248,6 +248,18 @@ int ssl3_accept(SSL *s)
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->stats.sess_accept++;
                                }
+                       else if (!s->s3->send_connection_binding &&
+                               !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                               {
+                               /* Server attempting to renegotiate with
+                                * client that doesn't support secure
+                                * renegotiation.
+                                */
+                               SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                               ret = -1;
+                               goto end;
+                               }
                        else
                                {
                                /* s->state == SSL_ST_RENEGOTIATE,