Correct failure when renegotiating with old server

When renegotiating the client checks that the server hasn't changed its mind about supporting the renegotiation extension (this is a likely indicator of an attack). However due to a typo the client was actually comparing the value in the client hello of the first handshake against the server hello in the renegotiation handshake. Since Botan always sends the renegotiation extension, this would cause the check to fail when renegotiating with an old server that doesn't support the renegotiation extension. Reported on mailing list by Falko Strenzke. Tested patch against OpenSSL 0.9.8k
author: Jack Lloyd <[email protected]> 2017-06-04 05:17:54 -0400
committer: Jack Lloyd <[email protected]> 2017-06-04 05:17:54 -0400
commit: d6e7c9ea7f029026d84ce2828a26310dd9882679 (patch)
tree: 0304f0cda9c683f160e626f274deb00b5a2e6966
parent: 41b1e738dbcbf2c33b418d2da235a56ad11feb9a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index 52a62693e..c905862c6 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -600,7 +600,7 @@ void Channel::secure_renegotiation_check(const Server_Hello* server_hello)
 
    if(auto active = active_state())
       {
-      const bool active_sr = active->client_hello()->secure_renegotiation();
+      const bool active_sr = active->server_hello()->secure_renegotiation();
 
       if(active_sr != secure_renegotiation)
          throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
author	Jack Lloyd <[email protected]>	2017-06-04 05:17:54 -0400
committer	Jack Lloyd <[email protected]>	2017-06-04 05:17:54 -0400
commit	d6e7c9ea7f029026d84ce2828a26310dd9882679 (patch)
tree	0304f0cda9c683f160e626f274deb00b5a2e6966
parent	41b1e738dbcbf2c33b418d2da235a56ad11feb9a (diff)