diff options
author | Jack Lloyd <[email protected]> | 2017-06-04 05:17:54 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-06-04 05:17:54 -0400 |
commit | d6e7c9ea7f029026d84ce2828a26310dd9882679 (patch) | |
tree | 0304f0cda9c683f160e626f274deb00b5a2e6966 /src/lib/tls/tls_channel.cpp | |
parent | 41b1e738dbcbf2c33b418d2da235a56ad11feb9a (diff) |
Correct failure when renegotiating with old server
When renegotiating the client checks that the server hasn't
changed its mind about supporting the renegotiation extension
(this is a likely indicator of an attack).
However due to a typo the client was actually comparing the
value in the client hello of the first handshake against the
server hello in the renegotiation handshake. Since Botan always
sends the renegotiation extension, this would cause the check to
fail when renegotiating with an old server that doesn't support
the renegotiation extension.
Reported on mailing list by Falko Strenzke. Tested patch against
OpenSSL 0.9.8k
Diffstat (limited to 'src/lib/tls/tls_channel.cpp')
-rw-r--r-- | src/lib/tls/tls_channel.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 52a62693e..c905862c6 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -600,7 +600,7 @@ void Channel::secure_renegotiation_check(const Server_Hello* server_hello) if(auto active = active_state()) { - const bool active_sr = active->client_hello()->secure_renegotiation(); + const bool active_sr = active->server_hello()->secure_renegotiation(); if(active_sr != secure_renegotiation) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, |