X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=inline;f=ssl%2Ft1_reneg.c;h=9c2cc3c712a20415a83490cfa1c112fdc49eb6c5;hb=7b6b246fd393cbe07bc1f0d456140efdff59f971;hp=5222094f284e6a426087a0a0069f1cfbdffd490d;hpb=e0e7997212c3c688140a2d8a13f9dcd03f202443;p=oweals%2Fopenssl.git

diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
index 5222094f28..9c2cc3c712 100644
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -130,10 +130,15 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 
         memcpy(p, s->s3->previous_client_finished,
 	       s->s3->previous_client_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension sent by client\n",
+		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
         }
     
     *len=s->s3->previous_client_finished_len + 1;
-    
+
+ 
     return 1;
     }
 
@@ -166,7 +171,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
     if(ilen != s->s3->previous_client_finished_len)
         {
         SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+        *al=SSL_AD_HANDSHAKE_FAILURE;
         return 0;
         }
     
@@ -174,9 +179,13 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 	      s->s3->previous_client_finished_len))
         {
         SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+        *al=SSL_AD_HANDSHAKE_FAILURE;
         return 0;
         }
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension received by server\n",
+				ilen ? "Non-empty" : "Empty");
+#endif
 
     s->s3->send_connection_binding=1;
 
@@ -206,6 +215,10 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 
         memcpy(p, s->s3->previous_server_finished,
 	       s->s3->previous_server_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension sent by server\n",
+    		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
         }
     
     *len=s->s3->previous_client_finished_len
@@ -249,7 +262,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
     if(ilen != expected_len)
         {
         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+        *al=SSL_AD_HANDSHAKE_FAILURE;
         return 0;
         }
 
@@ -257,7 +270,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 	      s->s3->previous_client_finished_len))
         {
         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+        *al=SSL_AD_HANDSHAKE_FAILURE;
         return 0;
         }
     d += s->s3->previous_client_finished_len;
@@ -269,6 +282,11 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
         *al=SSL_AD_ILLEGAL_PARAMETER;
         return 0;
         }
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension received by client\n",
+				ilen ? "Non-empty" : "Empty");
+#endif
+    s->s3->send_connection_binding=1;
 
     return 1;
     }