diff options
author | Jack Lloyd <[email protected]> | 2017-02-07 09:45:14 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-02-19 10:21:47 -0500 |
commit | ebe32d7687aa9284003aa322c82d3ad2c7e8673b (patch) | |
tree | 72e503cf1fe29cdbb83202705201ad9d9454f2cc /src | |
parent | 5b7c0aba50abf70ac081277141aaf375e4d8373d (diff) |
Add TLS::Policy::allow_client_initiated_renegotiation
Parallel of the server policy flag.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 1 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 7 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 8 |
3 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 60f8957c0..0bc2d4418 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -266,6 +266,7 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const return true; } +bool Policy::allow_client_initiated_renegotiation() const { return true; } bool Policy::allow_server_initiated_renegotiation() const { return false; } bool Policy::allow_insecure_renegotiation() const { return false; } bool Policy::allow_tls10() const { return true; } diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 6f617c673..b6afd7b28 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -119,7 +119,12 @@ class BOTAN_DLL Policy virtual bool include_time_in_hello_random() const; /** - * Allow servers to initiate a new handshake + * Consulted by server side. If true, allows clients to initiate a new handshake + */ + virtual bool allow_client_initiated_renegotiation() const; + + /** + * Consulted by client side. If true, allows servers to initiate a new handshake */ virtual bool allow_server_initiated_renegotiation() const; diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index f509122a8..a78a025a4 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -353,7 +353,13 @@ void Server::initiate_handshake(Handshake_State& state, void Server::process_client_hello_msg(const Handshake_State* active_state, Server_Handshake_State& pending_state, const std::vector<uint8_t>& contents) -{ + { + if(policy().allow_client_initiated_renegotiation() == false) + { + send_warning_alert(Alert::NO_RENEGOTIATION); + return; + } + const bool initial_handshake = !active_state; if(!policy().allow_insecure_renegotiation() && |