Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC
If a DTLS client that does not support secure renegotiation connects to an OpenSSL DTLS server then, by default, renegotiation is disabled. If a server application attempts to initiate a renegotiation then OpenSSL is supposed to prevent this. However due to a discrepancy between the TLS and DTLS code, the server sends a HelloRequest anyway in DTLS. This is not a security concern because the handshake will still fail later in the process when the client responds with a ClientHello. Reviewed-by: Tim Hudson <tjh@openssl.org>
1 parent 15a7164
ck_errf.pl
#!/usr/local/bin/perl
#
# This is just a quick script to scan for cases where the 'error'
# function name in a XXXerr() macro is wrong.
#
# Run in the top level by going
# perl util/ck_errf.pl */*.c */*/*.c
#
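use strict;
use warnings;

# Scan each file named on the command line for XXXerr(XXX_F_NAME, ...) calls
# and report the ones whose function code does not match the enclosing
# function.  Each finding is printed as "file:line:function:code".
#
# The pseudo-argument "-strict" is not a file: it makes the script exit
# with status 1 if any discrepancy was reported.

my $err_strict = 0;    # set when "-strict" appears anywhere in @ARGV
my $bad        = 0;    # set once any discrepancy has been printed

foreach my $file (@ARGV) {
    if ($file eq "-strict") {
        $err_strict = 1;
        next;
    }

    # Three-argument open with a lexical handle: the name comes straight
    # from the command line, so it must be treated as a literal path and
    # never parsed for mode characters, "&" handle duplication or
    # leading/trailing whitespace the way two-argument open does.
    open(my $in, '<', $file) || die "unable to open $file\n";

    # Lower-cased name of the most recent function header seen in this file.
    my $func = "";

    while (<$in>) {
        # A line that does not end in ';' and looks like "name(...": take
        # it as a function header and remember the name.
        if (!/;$/ && /^\**([a-zA-Z].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/) {
            # NOTE(review): the result of this match is not checked; if it
            # fails, $1 still holds the capture from the condition above.
            /^([^()]*(\([^()]*\)[^()]*)*)\(/;
            $1 =~ /([A-Za-z_0-9]*)$/;
            $func = $1;
            $func =~ tr/A-Z/a-z/;
        }

        # An XXXerr( call, unless the line carries the "ckerr_ignore" marker.
        if (/([A-Z0-9]+)err\(([^,]+)/ && !/ckerr_ignore/) {
            my $errlib = $1;    # library prefix of the macro name
            my $n      = $2;    # first macro argument

            # Error call seen before any function header was recognised.
            if ($func eq "") {
                print "$file:$.:???:$n\n";
                $bad = 1;
                next;
            }

            # Only arguments of the form LIB_F_NAME are checked.
            if ($n !~ /([^_]+)_F_(.+)$/) {
                # print "check -$file:$.:$func:$n\n";
                next;
            }
            my $lib = $1;
            $n = $2;

            # The library in the function code must match the macro's.
            if ($lib ne $errlib) {
                print "$file:$.:$func:$n [${errlib}err]\n";
                $bad = 1;
                next;
            }

            # The function code must name the enclosing function; SYSerr
            # calls are exempt from this comparison.
            $n =~ tr/A-Z/a-z/;
            if (($n ne $func) && ($errlib ne "SYS")) {
                print "$file:$.:$func:$n\n";
                $bad = 1;
                next;
            }
            # print "$func:$1\n";
        }
    }
    close($in);
}

# Discrepancies change the exit status only when -strict was given.
if ($bad && $err_strict) {
    print STDERR "FATAL: error discrepancy\n";
    exit 1;
}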
