diff options
Diffstat (limited to 'src/ssl/s3_pkt.c')
-rw-r--r-- | src/ssl/s3_pkt.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c index 3c2435d..1cb2ac6 100644 --- a/src/ssl/s3_pkt.c +++ b/src/ssl/s3_pkt.c @@ -337,6 +337,20 @@ void ssl3_read_close_notify(SSL *ssl) { ssl3_read_bytes(ssl, 0, NULL, 0, 0); } +static int ssl3_can_renegotiate(SSL *ssl) { + switch (ssl->renegotiate_mode) { + case ssl_renegotiate_never: + return 0; + case ssl_renegotiate_once: + return ssl->s3->total_renegotiations == 0; + case ssl_renegotiate_freely: + return 1; + } + + assert(0); + return 0; +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * @@ -368,7 +382,7 @@ int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek) { int al, i, ret; unsigned int n; SSL3_RECORD *rr; - void (*cb)(const SSL *ssl, int type2, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int value) = NULL; if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || (peek && type != SSL3_RT_APPLICATION_DATA)) { @@ -509,7 +523,7 @@ start: if (rr->type == SSL3_RT_HANDSHAKE) { /* If peer renegotiations are disabled, all out-of-order handshake records * are fatal. Renegotiations as a server are never supported. */ - if (!s->accept_peer_renegotiations || s->server) { + if (s->server || !ssl3_can_renegotiate(s)) { al = SSL_AD_NO_RENEGOTIATION; OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION); goto f_err; @@ -563,6 +577,7 @@ start: } /* Begin a new handshake. */ + s->s3->total_renegotiations++; s->state = SSL_ST_CONNECT; i = s->handshake_func(s); if (i < 0) { @@ -771,7 +786,7 @@ int ssl3_send_alert(SSL *s, int level, int desc) { int ssl3_dispatch_alert(SSL *s) { int i, j; - void (*cb)(const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int value) = NULL; s->s3->alert_dispatch = 0; i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2); |