Additional "chain_cert" functions.
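diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
index 5222094f284e6a426087a0a0069f1cfbdffd490d..9c2cc3c712a20415a83490cfa1c112fdc49eb6c5 100644
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -130,10 +130,15 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 memcpy(p, s->s3->previous_client_finished,
 s->s3->previous_client_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension sent by client\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
 }
 *len=s->s3->previous_client_finished_len + 1;
-
+
+
 return 1;
 }
@@ -166,7 +171,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 if(ilen != s->s3->previous_client_finished_len)
 {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
@@ -174,9 +179,13 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 s->s3->previous_client_finished_len))
 {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension received by server\n",
+ ilen ? "Non-empty" : "Empty");
+#endif
 s->s3->send_connection_binding=1;
@@ -206,6 +215,10 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 memcpy(p, s->s3->previous_server_finished,
 s->s3->previous_server_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension sent by server\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
 }
 *len=s->s3->previous_client_finished_len
@@ -249,7 +262,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 if(ilen != expected_len)
 {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
@@ -257,7 +270,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 s->s3->previous_client_finished_len))
 {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
 d += s->s3->previous_client_finished_len;
@@ -269,6 +282,11 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 *al=SSL_AD_ILLEGAL_PARAMETER;
 return 0;
 }
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension received by client\n",
+ ilen ? "Non-empty" : "Empty");
+#endif
+ s->s3->send_connection_binding=1;
 return 1;
 }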
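Review bot: The last hunk's leading context still sets `*al=SSL_AD_ILLEGAL_PARAMETER;` on a failure path in ssl_parse_serverhello_renegotiate_ext, while this commit moves the four other renegotiation-mismatch sites in the file to `SSL_AD_HANDSHAKE_FAILURE`. The check guarding that line lies outside the hunk, so this is inferred, but if it is the comparison against the previous server Finished data it is the same class of mismatch, and the peer would see a different fatal alert depending on which half of the binding failed. Either change it to `*al=SSL_AD_HANDSHAKE_FAILURE;` or add a comment saying why that path differs. Separately, the debug line added in ssl_add_serverhello_renegotiate_ext keys its Non-empty/Empty text on `previous_client_finished_len`; a short comment that the client length is used deliberately would help anyone reading OPENSSL_RI_DEBUG output.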