From 0695dfb71ca6fe132d15a4d0890e8a868183adf9 Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Mon, 21 Dec 2009 15:26:57 +0000
Subject: Switched to openssl-0.9.8l

---
 openssl/ssl/s3_srvr.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'openssl/ssl/s3_srvr.c')

diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 80b45eb86..79f3706c3 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -718,6 +718,14 @@ int ssl3_get_client_hello(SSL *s)
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+	if (s->new_session
+	    && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+		goto f_err;
+		}
+
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.
-- 
cgit v1.2.3