projects
/
oweals
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
64abf5e
)
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
author
Dr. Stephen Henson
<steve@openssl.org>
Wed, 18 Nov 2009 14:45:48 +0000
(14:45 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Wed, 18 Nov 2009 14:45:48 +0000
(14:45 +0000)
ssl/s23_clnt.c
patch
|
blob
|
history
diff --git
a/ssl/s23_clnt.c
b/ssl/s23_clnt.c
index 20cde4f20f4d98309c47dfa69e613f8fd634e5c9..53e080ee8e9dce286807efe449f97e635c1b73d9 100644
(file)
--- a/
ssl/s23_clnt.c
+++ b/
ssl/s23_clnt.c
@@
-305,6
+305,8
@@
static int ssl23_client_hello(SSL *s)
ssl2_compat = 0;
if (s->tlsext_status_type != -1)
ssl2_compat = 0;
+ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ ssl2_compat = 0;
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)