Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC
If a DTLS client that does not support secure renegotiation connects to an OpenSSL DTLS server then, by default, renegotiation is disabled. If a server application attempts to initiate a renegotiation then OpenSSL is supposed to prevent this. However due to a discrepancy between the TLS and DTLS code, the server sends a HelloRequest anyway in DTLS. This is not a security concern because the handshake will still fail later in the process when the client responds with a ClientHello. Reviewed-by: Tim Hudson <tjh@openssl.org>
1 parent 15a7164
testenc
#!/bin/sh
testsrc=testenc
test=./p
cmd="../util/shlib_wrap.sh ../apps/openssl"
cat $testsrc >$test;
echo cat
$cmd enc < $test > $test.cipher
$cmd enc < $test.cipher >$test.clear
cmp $test $test.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.cipher $test.clear
fi
echo base64
$cmd enc -a -e < $test > $test.cipher
$cmd enc -a -d < $test.cipher >$test.clear
cmp $test $test.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.cipher $test.clear
fi
for i in `$cmd list-cipher-commands`
do
echo $i
$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
cmp $test $test.$i.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.$i.cipher $test.$i.clear
fi
echo $i base64
$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
cmp $test $test.$i.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.$i.cipher $test.$i.clear
fi
done
rm -f $test
Computing file changes ...
