Revision - d40ec4a - Stop DTLS servers asking for unsafe legacy renegotiation – ENEA Mirror of the Software Heritage archive

Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC

Stop DTLS servers asking for unsafe legacy renegotiation

If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.

This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.

Reviewed-by: Tim Hudson <tjh@openssl.org>

1 parent 15a7164

Files
Changes

Permalinks

files.pl

#!/usr/local/bin/perl
#
# used to generate the file MINFO for use by util/mk1mf.pl
# It is basically a list of all variables from the passed makefile
#

while ($ARGV[0] =~ /^(\S+)\s*=(.*)$/)
	{
	$sym{$1} = $2;
	shift;
	}

$s="";
while (<>)
	{
	chop;
	s/#.*//;
	if (/^(\S+)\s*=\s*(.*)$/)
		{
		$o="";
		($s,$b)=($1,$2);
		for (;;)
			{
			if ($b =~ /\\$/)
				{
				chop($b);
				$o.=$b." ";
				$b=<>;
				chop($b);
				}
			else
				{
				$o.=$b." ";
				last;
				}
			}
		$o =~ s/^\s+//;
		$o =~ s/\s+$//;
		$o =~ s/\s+/ /g;

		$o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
		$sym{$s}=$o if !exists $sym{$s};
		}
	}

$pwd=`pwd`; chop($pwd);

if ($sym{'TOP'} eq ".")
	{
	$n=0;
	$dir=".";
	}
else	{
	$n=split(/\//,$sym{'TOP'});
	@_=split(/\//,$pwd);
	$z=$#_-$n+1;
	foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
	chop($dir);
	}

print "RELATIVE_DIRECTORY=$dir\n";

foreach (sort keys %sym)
	{
	print "$_=$sym{$_}\n";
	}
print "RELATIVE_DIRECTORY=\n";

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...