← Back to branch summary

~ubuntu-branches/ubuntu/hardy/openssl/hardy-proposed

« back to all changes in this revision

Viewing changes to ssl/s3_srvr.c

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-08-12 08:35:55 UTC
  • Revision ID: james.westby@ubuntu.com-20100812083555-pbvncwa9ok60q30i
Tags: 0.9.8g-4ubuntu3.10
https://launchpad.net/bugs/616759
* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
    ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
    tls1}.h: backport rfc5746 support from openssl 0.9.8m.
  - CVE-2009-3555
* Enable tlsext, and backport some patches from jaunty now that tlsext is
  enabled.
  - Fix a problem with tlsext preventing firefox 3 from connection.
  - Don't add extentions to ssl v3 connections. It breaks with some
    other software.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/s3_srvr.c
248
248
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
249
249
                                s->ctx->stats.sess_accept++;
250
250
                                }
 
251
                        else if (!s->s3->send_connection_binding &&
 
252
                                !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 
253
                                {
 
254
                                /* Server attempting to renegotiate with
 
255
                                 * client that doesn't support secure
 
256
                                 * renegotiation.
 
257
                                 */
 
258
                                SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 
259
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
 
260
                                ret = -1;
 
261
                                goto end;
 
262
                                }
251
263
                        else
252
264
                                {
253
265
                                /* s->state == SSL_ST_RENEGOTIATE,
915
927
 
916
928
#ifndef OPENSSL_NO_TLSEXT
917
929
        /* TLS extensions*/
918
 
        if (s->version > SSL3_VERSION)
 
930
        if (s->version >= SSL3_VERSION)
919
931
                {
920
932
                if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
921
933
                        {
1093
1105
                 * session-id if we want it to be single use.
1094
1106
                 * Currently I will not implement the '0' length session-id
1095
1107
                 * 12-Jan-98 - I'll now support the '0' length stuff.
 
1108
                 *
 
1109
                 * We also have an additional case where stateless session
 
1110
                 * resumption is successful: we always send back the old
 
1111
                 * session id. In this case s->hit is non zero: this can
 
1112
                 * only happen if stateless session resumption is succesful
 
1113
                 * if session caching is disabled so existing functionality
 
1114
                 * is unaffected.
1096
1115
                 */
1097
 
                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
 
1116
                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
 
1117
                        && !s->hit)
1098
1118
                        s->session->session_id_length=0;
1099
1119
 
1100
1120
                sl=s->session->session_id_length;