mirrors-yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls synced 2024-11-24 22:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

Don't allow reconnect during handshake

Browse source 
Especially for resumed handshake, it's entirely possible for an epoch=0
ClientHello to be retransmitted or arrive so late that the server is already
at epoch=1. There is no good way to detect whether it's that or a reconnect.

However:
- a late ClientHello seems more likely that client going down and then up
  again in the middle of a handshake
- even if that's the case, we'll time out on that handshake soon enough
- we don't want to break handshake flows that used to work
So the safest option is to not treat that as a reconnect.
This commit is contained in:
Manuel Pégourié-Gonnard 2015-09-15 15:11:28 +02:00
parent 6ad23b9855
commit ea5370d4a2
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
library/ssl_tls.c
View file

@ -3542,6 +3542,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
* fact that the record header len is 13 instead.
*/
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
rec_epoch == 0 &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_left > 13 &&