From: Ben Laurie Date: Thu, 24 Nov 2011 18:22:06 +0000 (+0000) Subject: Don't send NPN during renegotiation. X-Git-Tag: OpenSSL_1_0_1-beta1~55 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8cd897a42c973ed3a76ef1946f0d9eda1b6b12ec;p=openssl Don't send NPN during renegotiation. --- diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1578f17e97..26673cfdee 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -465,7 +465,7 @@ int ssl3_connect(SSL *s) #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_CW_FINISHED_A; #else - if (s->next_proto_negotiated) + if (s->s3->next_proto_neg_seen) s->state=SSL3_ST_CW_NEXT_PROTO_A; else s->state=SSL3_ST_CW_FINISHED_A; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f33a93197b..e3e3b922d1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -836,6 +836,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in s->servername_done = 0; s->tlsext_status_type = -1; +#ifndef OPENSSL_NO_NEXTPROTONEG + s->s3->next_proto_neg_seen = 0; +#endif if (data >= (d+n-2)) goto ri_check; @@ -1305,6 +1308,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int tlsext_servername = 0; int renegotiate_seen = 0; +#ifndef OPENSSL_NO_NEXTPROTONEG + s->s3->next_proto_neg_seen = 0; +#endif + if (data >= (d+n-2)) goto ri_check; @@ -1431,7 +1438,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in s->tlsext_status_expected = 1; } #ifndef OPENSSL_NO_NEXTPROTONEG - else if (type == TLSEXT_TYPE_next_proto_neg) + else if (type == TLSEXT_TYPE_next_proto_neg && + s->s3->tmp.finish_md_len == 0) { unsigned char *selected; unsigned char selected_len; @@ -1461,6 +1469,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } memcpy(s->next_proto_negotiated, selected, selected_len); s->next_proto_negotiated_len = selected_len; + s->s3->next_proto_neg_seen = 1; } #endif else if (type == TLSEXT_TYPE_renegotiate)