From decd04d084f7f347dce7916b98b89071b19d2573 Mon Sep 17 00:00:00 2001
From: lloyd
Date: Fri, 8 Jun 2012 00:15:06 +0000
Subject: Invert the policy setting as I think it makes it more obvious that enabling this is a bad idea.
---
 src/tls/tls_client.cpp | 2 +-
 src/tls/tls_policy.h | 10 +++++-----
 src/tls/tls_server.cpp | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index ba7738e5c..d19249d68 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -154,7 +154,7 @@ void Client::process_handshake_msg(Handshake_Type type,
 if(state->client_hello)
 return;
- if(!secure_renegotiation.supported() && policy.require_secure_renegotiation())
+ if(!secure_renegotiation.supported() && !policy.allow_insecure_renegotiation())
 {
 delete state;
 state = nullptr;
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index c3a0fc29e..7678ecfd1 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -71,13 +71,13 @@ class BOTAN_DLL Policy
 virtual std::string choose_curve(const std::vector& curve_names) const;
 /**
- * Require support for RFC 5746 extensions to enable
- * renegotiation.
+ * Allow renegotiation even if the counterparty doesn't
+ * support the secure renegotiation extension.
 *
- * @warning Changing this to false exposes you to injected
- * plaintext attacks. Read the RFC for background.
+ * @warning Changing this to true exposes you to injected
+ * plaintext attacks. Read RFC 5746 for background.
 */
- virtual bool require_secure_renegotiation() const { return true; }
+ virtual bool allow_insecure_renegotiation() const { return false; }
 /**
 * Return the group to use for ephemeral Diffie-Hellman key agreement
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index f8d5894fb..bb3dfe5ff 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
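Review bot: The new guard in src/tls/tls_client.cpp, `if(!secure_renegotiation.supported() && !policy.allow_insecure_renegotiation())`, stacks two negations, which makes its fail-closed intent hard to read at a glance; the src/tls/tls_server.cpp hunk has the same shape. A one-line comment above each check would keep that intent visible, for example `// Refuse to renegotiate unless the peer supports RFC 5746 or policy explicitly opts in to the insecure path`. Both process_handshake_msg bodies start and end outside their hunks, so this is judged only from the condition and the `delete state;` teardown that follows it.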
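Review bot: Renaming the virtual in src/tls/tls_policy.h means an application subclass that overrides `require_secure_renegotiation()` still compiles (unless it is marked `override`), while the client and server checks in this patch now consult only `allow_insecure_renegotiation()`. The result is a silent fall-back to the default `false`, which fails closed, but an override that deliberately relaxed the policy is ignored with no diagnostic. The doc comment should record this and state the default, e.g. `* @return false by default; true permits renegotiation without RFC 5746 protection.` and `* @note Replaces require_secure_renegotiation(); overrides of the old name are no longer consulted.` The rest of class Policy lies outside the hunk.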
@@ -287,7 +287,7 @@ void Server::process_handshake_msg(Handshake_Type type,
 else
 state->set_version(policy.pref_version());
- if(policy.require_secure_renegotiation() &&
+ if(!policy.allow_insecure_renegotiation() &&
 !(secure_renegotiation.initial_handshake() || secure_renegotiation.supported()))
 {
 delete state;
-- 
cgit v1.2.3