diff options
| author | marha <marha@users.sourceforge.net> | 2009-12-21 15:26:57 +0000 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2009-12-21 15:26:57 +0000 |
| commit | 0695dfb71ca6fe132d15a4d0890e8a868183adf9 (patch) | |
| tree | 1803f38d893025a3dbfeafec7a56146e141c0772 /openssl/ssl/s3_srvr.c | |
| parent | 1ee02cd0419021c3d4950af2619da39c6e9c47f0 (diff) | |
| download | vcxsrv-0695dfb71ca6fe132d15a4d0890e8a868183adf9.tar.gz vcxsrv-0695dfb71ca6fe132d15a4d0890e8a868183adf9.tar.bz2 vcxsrv-0695dfb71ca6fe132d15a4d0890e8a868183adf9.zip | |
Switched to openssl-0.9.8l
Diffstat (limited to 'openssl/ssl/s3_srvr.c')
| -rw-r--r-- | openssl/ssl/s3_srvr.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index 80b45eb86..79f3706c3 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -718,6 +718,14 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s->new_session + && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. |