diff options
author | marha <marha@users.sourceforge.net> | 2009-12-22 14:14:24 +0000 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2009-12-22 14:14:24 +0000 |
commit | 4284aeba874b9168f2228c59639bec8346a56796 (patch) | |
tree | d51ffb4507e0cae24b0875d8bb6b2c037829a684 /openssl/ssl/s3_srvr.c | |
parent | c438f190eedc71ee8dd14e14fec660e98d3dc0bf (diff) | |
parent | 0695dfb71ca6fe132d15a4d0890e8a868183adf9 (diff) | |
download | vcxsrv-4284aeba874b9168f2228c59639bec8346a56796.tar.gz vcxsrv-4284aeba874b9168f2228c59639bec8346a56796.tar.bz2 vcxsrv-4284aeba874b9168f2228c59639bec8346a56796.zip |
svn merge ^/branches/released
Diffstat (limited to 'openssl/ssl/s3_srvr.c')
-rw-r--r-- | openssl/ssl/s3_srvr.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index 80b45eb86..79f3706c3 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -718,6 +718,14 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s->new_session + && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. |