Make calls to SSL_renegotiate() error out for TLSv1.3

When we have support for KeyUpdate we might consider doing that instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
Matt Caswell 2017-01-20 17:00:03 +00:00
parent ddf6ec0069
commit 2c0980d2fa


@ -1716,9 +1716,12 @@ int SSL_shutdown(SSL *s)
int SSL_renegotiate(SSL *s)
{
/* Do nothing in TLS1.3 */
/*
* TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
* instead when we support that?
*/
if (SSL_IS_TLS13(s))
return 1;
return 0;
if (s->renegotiate == 0)
s->renegotiate = 1;
@ -1730,9 +1733,12 @@ int SSL_renegotiate(SSL *s)
int SSL_renegotiate_abbreviated(SSL *s)
{
/* Do nothing in TLS1.3 */
/*
* TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
* instead when we support that?
*/
if (SSL_IS_TLS13(s))
return 1;
return 0;
if (s->renegotiate == 0)
s->renegotiate = 1;
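Review bot: The TLSv1.3 branch that now ends in `return 0;` fails SSL_renegotiate() without putting anything on the error queue, so a caller that checks the return value and then calls ERR_get_error() gets 0 back and cannot distinguish the version mismatch from any other failure; the TODO comment just above says "Return an error" but only the return value changes. I would raise the error explicitly: `if (SSL_IS_TLS13(s)) {` / `SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);` / `return 0; }`, adding the SSL_F_ function code to the error tables if it is not defined yet. The same gap exists in SSL_renegotiate_abbreviated() in the second hunk, which would need its own function code. Since the old code returned 1 here, the SSL_renegotiate(3) manual page should also state that the call now fails under TLSv1.3. Both function bodies continue past the end of their hunks.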