From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 22 Jan 2010 18:49:34 +0000 (+0000)
Subject: If legacy renegotiation is not permitted then send a fatal alert if a patched
X-Git-Tag: OpenSSL-fips-2_0-rc1~1327
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3a88efd48c4de1e6d46f1b379dd3ff84847297d5;p=oweals%2Fopenssl.git

If legacy renegotiation is not permitted then send a fatal alert if a patched
server attempts to renegotiate with an unpatched client.
---

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8c8c1486ee..00fc2616b7 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -271,6 +271,18 @@ int ssl3_accept(SSL *s)
 				s->state=SSL3_ST_SR_CLNT_HELLO_A;
 				s->ctx->stats.sess_accept++;
 				}
+			else if (!s->s3->send_connection_binding &&
+				!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+				{
+				/* Server attempting to renegotiate with
+				 * client that doesn't support secure
+				 * renegotiation.
+				 */
+				SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+				ret = -1;
+				goto end;
+				}
 			else
 				{
 				/* s->state == SSL_ST_RENEGOTIATE,