The branch OpenSSL_1_1_0-stable has been updated
via ef66b8cb5efbc2dfbc2dc64f35a34c023b96e4c1 (commit)
from 0efb6d94cdc3bc10a30206b95c0621f399e0cc79 (commit)
- Log -----------------------------------------------------------------
commit ef66b8cb5efbc2dfbc2dc64f35a34c023b96e4c1
Author: Todd Short <[email protected]>
Date: Mon May 22 11:24:59 2017 -0400
Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is
inconsistent. Most places check SSL->options, one place is checking
SSL_CTX->options; fix that.
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
GH: #3523
(cherry picked from commit dffdcc773ac0a294b1ce620131cb8d7401da9408)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index c533bbd..5945d18 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1332,7 +1332,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf,
(s->rlayer.handshake_fragment_len >= 4) &&
(s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
(s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
