commit 92e4426169ccba07b8ea34f36084ad3820813a73
author Gilles Peskine <Gilles.Peskine@arm.com> Wed May 10 17:27:49 2017 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed May 10 17:31:13 2017 +0200
tree 1269cca412a8eadcdc0879a72cd7ace2b0fb08fd
parent c94f7352fae9b0828b10b3570ad18653a6c87292

SSLv3: when refusing renegotiation, stop processing

Before the code was sending a fatal alert but then processing any
further data from the peer.

Internal reference: IOTSSL-1384

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 713cb10..fc89b6d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6726,11 +6726,11 @@
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
                 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
                 {
-                    /*
-                     * SSLv3 does not have a "no_renegotiation" alert
-                     */
-                    if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
-                        return( ret );
+                    /* SSLv3 does not have a "no_renegotiation" warning, so
+                       we send a fatal alert and abort the connection. */
+                    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                                    MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+                    return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
                 }
                 else
 #endif /* MBEDTLS_SSL_PROTO_SSL3 */