Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI. 2. Send RI if renegotiating.
This commit is contained in:
Dr. Stephen Henson
parent
5b8246d6eb
commit
3798a4d059
2 changed files with 6 additions and 6 deletions
|
|
@ -1300,10 +1300,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
||||||
p+=j;
|
p+=j;
|
||||||
}
|
}
|
||||||
/* If p == q, no ciphers and caller indicates an error. Otherwise
|
/* If p == q, no ciphers and caller indicates an error. Otherwise
|
||||||
* add SCSV if no extensions (i.e. SSL3 is client_version)
|
* add SCSV if not renegotiating.
|
||||||
* since spec RECOMMENDS not sending both RI and SCSV.
|
|
||||||
*/
|
*/
|
||||||
if (p != q)
|
if (p != q && !s->new_session)
|
||||||
{
|
{
|
||||||
static SSL_CIPHER scsv =
|
static SSL_CIPHER scsv =
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -174,9 +174,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||||
ret+=size_str;
|
ret+=size_str;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Add the renegotiation option: TODOEKR switch */
|
/* Add RI if renegotiating */
|
||||||
{
|
if (s->new_session)
|
||||||
|
{
|
||||||
int el;
|
int el;
|
||||||
|
|
||||||
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
|
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue