Server: enforce renegotiation
parent
9c1e1898b6
commit
6d8404d6ba
@ -202,6 +202,7 @@
|
||||
#define SSL_INITIAL_HANDSHAKE 0
|
||||
#define SSL_RENEGOTIATION 1 /* In progress */
|
||||
#define SSL_RENEGOTIATION_DONE 2 /* Done */
|
||||
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
|
||||
|
||||
#define SSL_LEGACY_RENEGOTIATION 0
|
||||
#define SSL_SECURE_RENEGOTIATION 1
|
||||
|
@ -3990,6 +3990,8 @@ static int ssl_write_hello_request( ssl_context *ssl )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
|
||||
|
||||
return( 0 );
|
||||
@ -4175,6 +4177,12 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
return( POLARSSL_ERR_NET_WANT_READ );
|
||||
}
|
||||
}
|
||||
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
|
||||
"but not honored by client" ) );
|
||||
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
|
||||
|
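Review bot: The new `SSL_RENEGOTIATION_PENDING` branch in ssl_read() fails on the first non-handshake record after the HelloRequest, so application data the client had already sent before it saw the request would be reported as "not honored by client" and the read returns POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE. Enforcement should not depend on that timing; consider tolerating a small, bounded number of application-data records while pending and failing only once the bound is exceeded. The branch also returns without any visible alert to the peer and leaves `ssl->renegotiation` at PENDING, which looks intentional (the failure stays sticky) but is undocumented; I would add `/* No ClientHello followed our HelloRequest: fail closed, caller must reset or close the session */` above the `else if`. Whether a client's warning alert declining renegotiation reaches this branch cannot be told from the hunk, since ssl_read() begins and ends outside it.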
@ -967,7 +967,12 @@ reset:
|
||||
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
|
||||
{
|
||||
printf( " failed\n ! ssl_read returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
||||
/* Unexpected message probably means client didn't renegotiate */
|
||||
if( ret == POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE )
|
||||
goto reset;
|
||||
else
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
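Review bot: The `goto reset` path treats every POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE from ssl_read() as a refused renegotiation, yet the " failed" line is printed before the check and the comment says only "probably", so the output does not distinguish a refusal from any other unexpected record. I would reword the comment to state the decision, e.g. `/* Client ignored our HelloRequest (or sent another unexpected record): drop this connection and wait for the next client */`, and put braces around both branches of the `if`/`else`. The read loop and the `reset:` label lie outside the hunk, so what reset does to the session is inferred from its name.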