author | lloyd <[email protected]> | 2012-09-07 21:26:04 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-09-07 21:26:04 +0000 |
commit | 5d2a554953d38a6b3587ef7548b05dc309582a3e (patch) | |
tree | 4cddefd0e44056cd0e95e1c52bd3b2b221230eee | |
parent | 039ffbf4bf7df2664e70f827d98e75fe1553e874 (diff) |
Per Google's spec, the client is not supposed to include an NPN
extension in renegotiations
-rw-r--r-- | src/tls/tls_server.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 67e5a8eda..ed4cfe3f9 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -350,6 +350,10 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
 "Client version is unacceptable by policy");
 }
+ if(!initial_handshake && state.client_hello()->next_protocol_notification())
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+ "Client included NPN extension for renegotiation");
+ secure_renegotiation_check(state.client_hello()); set_protocol_version(negotiated_version); |
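Review bot: The added `if(!initial_handshake && state.client_hello()->next_protocol_notification())` guard carries no comment, so the reason a renegotiation ClientHello with NPN is fatal is recorded only in the commit message; I would put `// Per the NPN spec a client must not send the extension when renegotiating` directly above it. The guard sits before `secure_renegotiation_check(state.client_hello())`, so a hello that would fail both tests surfaces the NPN text rather than the renegotiation-check failure; the connection is aborted either way, but this matters if the exception message is what ends up in logs used to spot renegotiation abuse. `initial_handshake` and the rest of `process_handshake_msg` lie outside the hunk, so this assumes the flag is false only after a handshake has already completed on the connection.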