author | marha <marha@users.sourceforge.net> | 2013-02-13 09:55:16 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2013-02-13 09:55:16 +0100 |
commit | 88bcd02cfecbf8ba9cf726b0d337c56f9c9b2bc4 (patch) | |
tree | ded42639873b943c7ec97b06961ad067228652d1 /openssl/ssl/s3_srvr.c | |
parent | 3247a4e031a7d5160332c0d7ca2a91a516c082bb (diff) | |
parent | aaf21968deb85b635cb6aa6544df233ea5981346 (diff) | |
Merge remote-tracking branch 'origin/released'
* origin/released:
Update to following packages:
Conflicts:
freetype/src/autofit/afhints.c
freetype/src/autofit/afmodule.c
freetype/src/psaux/psconv.c
freetype/src/sfnt/sfntpic.h
openssl/Makefile
openssl/util/pl/VC-32.pl
Diffstat (limited to 'openssl/ssl/s3_srvr.c')
-rw-r--r-- | openssl/ssl/s3_srvr.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 118939fab..bfb848054 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -191,7 +191,8 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
 {
 if(s->srp_ctx.login == NULL)
 {
- /* There isn't any srp login extension !!! */
+ /* RFC 5054 says SHOULD reject,
+ we do so if There is no srp login name */
 ret = SSL3_AL_FATAL;
 *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
 }
@@ -378,6 +379,7 @@ int ssl3_accept(SSL *s)
 }
 }
 #endif
+ s->renegotiate = 2;
 s->state=SSL3_ST_SW_SRVR_HELLO_A;
 s->init_num=0;
@@ -1181,7 +1183,7 @@ int ssl3_get_client_hello(SSL *s)
 goto f_err;
 }
 }
- if (ssl_check_clienthello_tlsext(s) <= 0) {
+ if (ssl_check_clienthello_tlsext_early(s) <= 0) {
 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
 goto err;
 }
@@ -1389,7 +1391,10 @@ int ssl3_get_client_hello(SSL *s)
 if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
 {
 if (!ssl3_digest_cached_records(s))
+ {
+ al = SSL_AD_INTERNAL_ERROR;
 goto f_err;
+ }
 }
 /* we now have the following setup.
@@ -1403,6 +1408,16 @@ int ssl3_get_client_hello(SSL *s)
 * s->tmp.new_cipher - the new cipher to use.
 */
+ /* Handles TLS extensions that we couldn't check earlier */
+ if (s->version >= SSL3_VERSION)
+ {
+ if (ssl_check_clienthello_tlsext_late(s) <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+ }
+
 if (ret < 0) ret=1;
 if (0)
 { |
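Review bot: The literal `2` assigned to `s->renegotiate` in the @@ -378 hunk carries no explanation at the assignment, and the meaning of the field's values is not visible anywhere in this diff. Because this field drives the renegotiation state machine, a reader auditing it should not have to look up the declaration; a comment such as `/* 2: server is inside a handshake, not merely sending HelloRequest (confirm against the field's declaration) */` would do. A named constant would be better still if the project defines one. ssl3_accept's body starts and ends outside the hunk.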
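Review bot: The failure branch of the new `ssl_check_clienthello_tlsext_late(s)` call in the @@ -1403 hunk jumps to `err` rather than `f_err`, so nothing visible here sends an alert to the peer; that is only correct if the callee sends its own alert, which the diff does not show. A comment at the jump would make that contract explicit, e.g. `goto err; /* any alert is sent by ssl_check_clienthello_tlsext_late() */`. The block comment should also say why the check has to run at this point, presumably because it depends on the cipher and certificate selection completed above, so nobody later moves it back before that selection. The early check in the @@ -1181 hunk uses the same `goto err` pattern and deserves the same remark. ssl3_get_client_hello's body starts and ends outside the hunk.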