* PT_APP_PROTOCOL_DATA has a test for hs_status=SSL_OK to prevent possible exchanges before the handshake is complete.

* Changed license on sha256.c to full BSD.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

ssl/gen_cert.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -142,7 +142,7 @@ static int gen_dn(const char *name, uint8_t dn_type,
     buf[(*offset)++] = dn_type;
     buf[(*offset)++] = ASN1_PRINTABLE_STR;
     buf[(*offset)++] = name_size;
-    strcpy(&buf[*offset], name);
+    strcpy((char *)&buf[*offset], name);
     *offset += name_size;
 
 error:
@@ -165,7 +165,13 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
         gethostname(fqdn, sizeof(fqdn));
         fqdn_len = strlen(fqdn);
         fqdn[fqdn_len++] = '.';
-        getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
+
+        if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
+        {
+            ret = X509_NOT_OK;
+            goto error;
+        }
+
         fqdn_len = strlen(fqdn);
 
         if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */

ssl/tls1.c

@@ -1348,13 +1348,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
             break;
 
         case PT_APP_PROTOCOL_DATA:
-            if (in_data)
+            if (in_data && ssl->hs_status == SSL_OK)
             {
                 *in_data = buf;   /* point to the work buffer */
                 (*in_data)[read_len] = 0;  /* null terminate just in case */
+                ret = read_len;
             }
-
-            ret = read_len;
+            else
+                ret = SSL_ERROR_INVALID_PROT_MSG;
             break;
 
         case PT_ALERT_PROTOCOL: