Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
authorTodd Short <tshort@akamai.com>
Mon, 22 May 2017 15:24:59 +0000 (11:24 -0400)
committerKurt Roeckx <kurt@roeckx.be>
Fri, 26 May 2017 09:29:18 +0000 (11:29 +0200)
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is
inconsistent. Most places check SSL->options, one place is checking
SSL_CTX->options; fix that.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
GH: #3523

ssl/record/rec_layer_s3.c

index fbabdf48c55d56309d8627a35e1d9125b3d5310f..01caf4c3726520640590030e907bf37fe7101022 100644 (file)
@@ -1439,7 +1439,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         (s->rlayer.handshake_fragment_len >= 4) &&
         (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
         (s->session != NULL) && (s->session->cipher != NULL) &&
-        !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
         SSL3_RECORD_set_length(rr, 0);
         SSL3_RECORD_set_read(rr);
         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);