Revision - d40ec4a - Stop DTLS servers asking for unsafe legacy renegotiation – ENEA Mirror of the Software Heritage archive

Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC

Stop DTLS servers asking for unsafe legacy renegotiation

If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.

This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.

Reviewed-by: Tim Hudson <tjh@openssl.org>

1 parent 15a7164

Files
Changes

Permalinks

perlpath.pl

#!/usr/local/bin/perl
#
# modify the '#!/usr/local/bin/perl'
# line in all scripts that rely on perl.
#

require "find.pl";

$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
&find(".");

sub wanted
	{
	return unless /\.pl$/ || /^[Cc]onfigur/;

	open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
	@a=<IN>;
	close(IN);

	if (-d $ARGV[0]) {
		$a[0]="#!$ARGV[0]/perl\n";
	}
	else {
		$a[0]="#!$ARGV[0]\n";
	}

	# Playing it safe...
	$new="$_.new";
	open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
	print OUT @a;
	close(OUT);

	rename($new,$_) || die "unable to rename $dir/$new:$!\n";
	chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
	}

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...