cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

SSLv3: when refusing renegotiation, stop processing

Browse Source 
Before the code was sending a fatal alert but then processing any
further data from the peer.

Internal reference: IOTSSL-1384
This commit is contained in:
Gilles Peskine 2017-05-10 17:27:49 +02:00
parent c94f7352fa
commit 92e4426169
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/ssl_tls.c
View File

@ -6726,11 +6726,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
/* /* SSLv3 does not have a "no_renegotiation" warning, so
* SSLv3 does not have a "no_renegotiation" alert we send a fatal alert and abort the connection. */
*/ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( ret ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
} }
else else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */