Fix for ssl client renotiation SSL error

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@166 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-04-21 10:26:06 +03:00 · 2009-12-12 04:11:56 +00:00 · 2009-12-12 04:11:56 +00:00 · 13dee95d97
commit 13dee95d97
parent 1e8e818242
3 changed files with 17 additions and 2 deletions
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -100,6 +100,7 @@ extern "C" {
 #define SSL_ERROR_INVALID_KEY                   -269
 #define SSL_ERROR_FINISHED_INVALID              -271
 #define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NO_CLIENT_RENOG               -273
 #define SSL_ERROR_NOT_SUPPORTED                 -274
 #define SSL_X509_OFFSET                         -512
 #define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@ -1230,8 +1230,16 @@ int basic_read(SSL *ssl, uint8_t **in_data)
    switch (ssl->record_type)
    {
        case PT_HANDSHAKE_PROTOCOL:
-            ssl->dc->bm_proc_index = 0;
-            ret = do_handshake(ssl, buf, read_len);
+            if (ssl->dc != NULL)
+            {
+                ssl->dc->bm_proc_index = 0;
+                ret = do_handshake(ssl, buf, read_len);
+            }
+            else /* no client renogiation allowed */
+            {
+                ret = SSL_ERROR_NO_CLIENT_RENOG;              
+                goto error;
+            }
            break;

        case PT_CHANGE_CIPHER_SPEC:
@ -1402,6 +1410,7 @@ int send_alert(SSL *ssl, int error_code)

        case SSL_ERROR_INVALID_HANDSHAKE:
        case SSL_ERROR_INVALID_PROT_MSG:
+        case SSL_ERROR_NO_CLIENT_RENOG:
            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
            break;

@ -1958,6 +1967,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
            printf("no certificate defined");
            break;

+        case SSL_ERROR_NO_CLIENT_RENOG:
+            printf("client renegotiation not supported");
+            break;
+            
        case SSL_ERROR_NOT_SUPPORTED:
            printf("Option not supported");
            break;
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@ -123,6 +123,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
        case HS_FINISHED:
            ret = process_finished(ssl, hs_len);
            disposable_free(ssl);   /* free up some memory */
+            /* note: client renogiation is not allowed after this */
            break;

        case HS_HELLO_REQUEST: