mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 17:18:07 +00:00
Fix handling of HS msgs in mbedtls_ssl_read if renegotiation unused
Previously, if `MBEDTLS_SSL_RENEGOTIATION` was disabled, incoming handshake messages in `mbedtls_ssl_read` (expecting application data) lead to the connection being closed. This commit fixes this, restricting the `MBEDTLS_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting renegotiation requests and aborting renegotiation attempts after too many unexpected records have been received.
This commit is contained in:
parent
b4ff0aafd9
commit
21df7f90d2
1 changed files with 3 additions and 1 deletions
|
@ -6878,7 +6878,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
||||
|
@ -6920,6 +6919,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
/* Determine whether renegotiation attempt should be accepted */
|
||||
if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
|
||||
( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||
|
@ -6947,6 +6947,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
{
|
||||
/*
|
||||
* Refuse renegotiation
|
||||
|
@ -6987,6 +6988,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||
{
|
||||
if( ssl->conf->renego_max_records >= 0 )
|
||||
|
|
Loading…
Reference in a new issue