Fix server-initiated renego with non-blocking I/O

Manuel Pégourié-Gonnard 2014-08-15 19:04:47 +02:00
parent a8c0a0dbd0
commit f07f421759
3 changed files with 34 additions and 2 deletions


@ -12,6 +12,8 @@ Bugfix
* Remove non-existent file from VS projects (found by Peter Vaskovic). * Remove non-existent file from VS projects (found by Peter Vaskovic).
* ssl_read() could return non-application data records on server while * ssl_read() could return non-application data records on server while
renegotation was pending, and on client when a HelloRequest was received. renegotation was pending, and on client when a HelloRequest was received.
* Server-initiated renegotiation would fail with non-blocking I/O if the
write callback returned WANT_WRITE when requesting renegotiation.
Changes Changes
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no


@ -4167,8 +4167,6 @@ static int ssl_write_hello_request( ssl_context *ssl )
return( ret ); return( ret );
} }
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
return( 0 ); return( 0 );
@ -4222,6 +4220,12 @@ int ssl_renegotiate( ssl_context *ssl )
if( ssl->state != SSL_HANDSHAKE_OVER ) if( ssl->state != SSL_HANDSHAKE_OVER )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
/* Did we already try/start sending HelloRequest? */
if( ssl->out_left != 0 )
return( ssl_flush_output( ssl ) );
return( ssl_write_hello_request( ssl ) ); return( ssl_write_hello_request( ssl ) );
} }
#endif /* POLARSSL_SSL_SRV_C */ #endif /* POLARSSL_SSL_SRV_C */
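Review bot: In ssl_renegotiate(), the new check `if( ssl->out_left != 0 )` treats any unsent output as a HelloRequest that is already queued, but nothing in the visible lines ties the pending bytes to that message. If out_left can also be non-zero after an earlier application-data write returned WANT_WRITE (not visible here, so to be confirmed), this branch would flush that data and return 0 with `ssl->renegotiation` left at SSL_RENEGOTIATION_PENDING although no HelloRequest was sent, so the server would handle later records as if a renegotiation the peer was never asked for were under way. At minimum the precondition should be stated next to the check, e.g. `/* assumes any pending output is a partially sent HelloRequest: callers must complete a pending ssl_write() before calling ssl_renegotiate() */`, and repeated in the function's API documentation. The body of ssl_renegotiate() starts above this hunk, so the client-side path was not reviewed.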


@ -709,6 +709,32 @@ run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
-S "SSL - An unexpected message was received from our peer" \ -S "SSL - An unexpected message was received from our peer" \
-S "failed" -S "failed"
run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-s "found renegotiation extension" \
-s "server hello, secure renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
-s "=> renegotiate" \
-S "write hello request"
run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-s "found renegotiation extension" \
-s "server hello, secure renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
-s "=> renegotiate" \
-s "write hello request"
# Tests for auth_mode # Tests for auth_mode
run_test "Authentication #1 (server badcert, client required)" \ run_test "Authentication #1 (server badcert, client required)" \