Revision - d40ec4a - Stop DTLS servers asking for unsafe legacy renegotiation – ENEA Mirror of the Software Heritage archive

Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC

Stop DTLS servers asking for unsafe legacy renegotiation

If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.

This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.

Reviewed-by: Tim Hudson <tjh@openssl.org>

1 parent 15a7164

Files
Changes

Permalinks

asn1test.c

#include <openssl/x509.h>
#include <openssl/asn1_mac.h>

typedef struct X {
    STACK_OF(X509_EXTENSION) *ext;
} X;

/* This isn't meant to run particularly, it's just to test type checking */
int main(int argc, char **argv)
{
    X *x = NULL;
    unsigned char **pp = NULL;

    M_ASN1_I2D_vars(x);
    M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
                                     i2d_X509_EXTENSION);
    M_ASN1_I2D_seq_total();
    M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
                                     i2d_X509_EXTENSION);
    M_ASN1_I2D_finish();
}

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...