Server: enforce renegotiation
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 94d9edf..1205947 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3990,6 +3990,8 @@
return( ret );
}
+ ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
+
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
return( 0 );
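Review bot: The new `ssl->renegotiation = SSL_RENEGOTIATION_PENDING;` line is undocumented and nothing in this diff shows where the pending state is cleared once the client does answer with a ClientHello; if that transition lives in the ClientHello handling, a comment here should point to it. Suggested comment above the assignment: `/* A HelloRequest has gone out: until the client answers with a ClientHello, ssl_read() refuses application data (see the SSL_RENEGOTIATION_PENDING check there). */`. The state is set only after the write has succeeded, which is the right order, since a failed write must not leave the server rejecting traffic for a request the peer never saw. The enclosing hello-request function begins outside the hunk.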
@@ -4175,6 +4177,12 @@
return( POLARSSL_ERR_NET_WANT_READ );
}
}
+ else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
+ "but not honored by client" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
{
SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
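Review bot: The new `else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )` branch fires for every non-handshake record type, not only application data, so a client that replies to the HelloRequest with a warning alert (the refusal that RFC 5246 §7.2.1 describes, no_renegotiation) is, as far as this hunk shows, reported as "renegotiation requested, but not honored by client" rather than as an alert; whether that is intended depends on how alerts are handled before this point, which is outside the hunk, so please confirm. If the intent is specifically to block application data while the renegotiation is outstanding, narrowing the condition to `ssl->renegotiation == SSL_RENEGOTIATION_PENDING && ssl->in_msgtype == SSL_MSG_APPLICATION_DATA` makes that explicit and lets the existing "bad application data message" branch keep handling other types. A one-line comment on the branch stating the policy, `/* Server asked for renegotiation and the client kept sending data instead of a ClientHello: refuse it. */`, would also help the next reader, since returning POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE for plain application data is otherwise surprising. The enclosing read function continues outside the hunk.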