author | lloyd <[email protected]> | 2012-08-06 16:03:11 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-08-06 16:03:11 +0000 |
commit | 8122389c0a95f6f98e71c96ae3366b48f9e43cb8 (patch) | |
tree | 91c26d0c060812c24278f1bf6091046e592c2a51 /src/tls | |
parent | 5c35bdbb373a5db27299e64abf906409699a1adb (diff) |
Add a Policy item controlling whether a client will accept a
server-initiated renegotiation request. Defaults to true. If false, the
client will send a non-fatal no_renegotiation alert.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_client.cpp | 3 | ||||
-rw-r--r-- | src/tls/tls_policy.h | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index aed524dbe..33ab044b1 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -165,7 +165,8 @@ void Client::process_handshake_msg(Handshake_Type type, if(m_state->client_hello()) return; - if(!m_secure_renegotiation.supported() && !m_policy.allow_insecure_renegotiation()) + if(!m_policy.allow_server_initiated_renegotiation() || + (!m_policy.allow_insecure_renegotiation()) && !m_secure_renegotiation.supported()) { m_state.reset(); diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h index 55ae14176..323a0c285 100644 --- a/src/tls/tls_policy.h +++ b/src/tls/tls_policy.h @@ -83,6 +83,11 @@ class BOTAN_DLL Policy virtual bool allow_insecure_renegotiation() const { return false; } /** + * Allow servers to initiate a new handshake + */ + virtual bool allow_server_initiated_renegotiation() const { return true; } + + /** * Return the group to use for ephemeral Diffie-Hellman key agreement */ virtual DL_Group dh_group() const; |
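Review bot: The parentheses in the new condition in `Client::process_handshake_msg` close right after `!m_policy.allow_insecure_renegotiation()` instead of around the whole `&&` term, so the grouping relies on `&&` binding tighter than `||`. The result is the intended one, but a check that gates renegotiation should be unambiguous to read, and compilers commonly warn about mixing these operators without grouping. I would write it as `if(!m_policy.allow_server_initiated_renegotiation() ||` followed by `(!m_policy.allow_insecure_renegotiation() && !m_secure_renegotiation.supported()))`. The rejection branch continues outside the hunk, so I cannot tell whether the two refusal reasons are logged or alerted differently; a one-line comment there stating that both are handled the same way would help.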
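Review bot: The doc comment on `allow_server_initiated_renegotiation()` in tls_policy.h does not say what the client does when it returns false, or how it relates to `allow_insecure_renegotiation()` declared just above it. Going by the commit message and the condition in tls_client.cpp, a false here refuses the request regardless of the other setting, so I would add `* If false, a server's renegotiation request is refused with a non-fatal no_renegotiation alert, whether or not secure renegotiation is supported.` The default of true appears to keep the previous behaviour, which means a client that never needs renegotiation has to override it; saying so in the comment would help anyone hardening a policy subclass. The Policy class starts and ends outside the hunk.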