diff options
| author | Jack Lloyd <[email protected]> | 2017-02-20 14:23:46 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2017-02-20 14:23:46 -0500 |
| commit | 93b361fc07733f92eb5519fa9de00ed1fa61f1ee (patch) | |
| tree | a6f592605c089fe1ce8f135b736abcb6c182c49b /src/lib | |
| parent | ebe32d7687aa9284003aa322c82d3ad2c7e8673b (diff) | |
Fix logic of renegotiation check
Turning the policy off broke the server entirely.
Expose the new flag to Text_Policy
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/tls/tls_policy.cpp | 2 | ||||
| -rw-r--r-- | src/lib/tls/tls_policy.h | 2 | ||||
| -rw-r--r-- | src/lib/tls/tls_server.cpp | 6 |
3 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 0bc2d4418..387b5d600 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -266,7 +266,7 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const return true; } -bool Policy::allow_client_initiated_renegotiation() const { return true; } +bool Policy::allow_client_initiated_renegotiation() const { return false; } bool Policy::allow_server_initiated_renegotiation() const { return false; } bool Policy::allow_insecure_renegotiation() const { return false; } bool Policy::allow_tls10() const { return true; } diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index b6afd7b28..64f6f84a0 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -480,6 +480,8 @@ class BOTAN_DLL Text_Policy : public Policy bool include_time_in_hello_random() const override { return get_bool("include_time_in_hello_random", Policy::include_time_in_hello_random()); } + bool allow_client_initiated_renegotiation() const override + { return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation()); } bool allow_server_initiated_renegotiation() const override { return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation()); } diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index a78a025a4..4bfda7838 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -354,14 +354,14 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, Server_Handshake_State& pending_state, const std::vector<uint8_t>& contents) { - if(policy().allow_client_initiated_renegotiation() == false) + const bool initial_handshake = !active_state; + + if(initial_handshake == false && policy().allow_client_initiated_renegotiation() == false) { send_warning_alert(Alert::NO_RENEGOTIATION); return; } - const bool initial_handshake = !active_state; - if(!policy().allow_insecure_renegotiation() && !(initial_handshake || secure_renegotiation_supported())) { |