Server: enforce renegotiation

This commit is contained in:
Manuel Pégourié-Gonnard 2013-10-30 16:41:45 +01:00
parent 9c1e1898b6
commit 6d8404d6ba
3 changed files with 15 additions and 1 deletions

View File

@ -202,6 +202,7 @@
#define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 /* In progress */
#define SSL_RENEGOTIATION_DONE 2 /* Done */
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
#define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1

View File

@ -3990,6 +3990,8 @@ static int ssl_write_hello_request( ssl_context *ssl )
return( ret );
}
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
return( 0 );
@ -4175,6 +4177,12 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
return( POLARSSL_ERR_NET_WANT_READ );
}
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by client" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
{
SSL_DEBUG_MSG( 1, ( "bad application data message" ) );

View File

@ -967,7 +967,12 @@ reset:
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_read returned %d\n\n", ret );
goto exit;
/* Unexpected message probably means client didn't renegotiate */
if( ret == POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE )
goto reset;
else
goto exit;
}
}