aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-02-07 09:45:14 -0500
committerJack Lloyd <[email protected]>2017-02-19 10:21:47 -0500
commitebe32d7687aa9284003aa322c82d3ad2c7e8673b (patch)
tree72e503cf1fe29cdbb83202705201ad9d9454f2cc /src
parent5b7c0aba50abf70ac081277141aaf375e4d8373d (diff)
Add TLS::Policy::allow_client_initiated_renegotiation
Parallel of the server policy flag.
Diffstat (limited to 'src')
-rw-r--r--src/lib/tls/tls_policy.cpp1
-rw-r--r--src/lib/tls/tls_policy.h7
-rw-r--r--src/lib/tls/tls_server.cpp8
3 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 60f8957c0..0bc2d4418 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -266,6 +266,7 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const
return true;
}
+bool Policy::allow_client_initiated_renegotiation() const { return true; }
bool Policy::allow_server_initiated_renegotiation() const { return false; }
bool Policy::allow_insecure_renegotiation() const { return false; }
bool Policy::allow_tls10() const { return true; }
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 6f617c673..b6afd7b28 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -119,7 +119,12 @@ class BOTAN_DLL Policy
virtual bool include_time_in_hello_random() const;
/**
- * Allow servers to initiate a new handshake
+ * Consulted by server side. If true, allows clients to initiate a new handshake
+ */
+ virtual bool allow_client_initiated_renegotiation() const;
+
+ /**
+ * Consulted by client side. If true, allows servers to initiate a new handshake
*/
virtual bool allow_server_initiated_renegotiation() const;
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index f509122a8..a78a025a4 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -353,7 +353,13 @@ void Server::initiate_handshake(Handshake_State& state,
void Server::process_client_hello_msg(const Handshake_State* active_state,
Server_Handshake_State& pending_state,
const std::vector<uint8_t>& contents)
-{
+ {
+ if(policy().allow_client_initiated_renegotiation() == false)
+ {
+ send_warning_alert(Alert::NO_RENEGOTIATION);
+ return;
+ }
+
const bool initial_handshake = !active_state;
if(!policy().allow_insecure_renegotiation() &&