Fix client-initiated renegotiation with DTLS
This commit is contained in:
parent
b35fe5638a
commit
30d16eb429
3 changed files with 28 additions and 11 deletions
|
@ -1253,6 +1253,14 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||
SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* Done reading this record, get ready for the next one */
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||
ssl->next_record_offset = msg_len + ssl_hdr_len( ssl );
|
||||
else
|
||||
#endif
|
||||
ssl->in_left = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1441,7 +1449,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||
buf + cookie_offset + 1, cookie_len );
|
||||
|
||||
#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
|
||||
if( ssl->f_cookie_check != NULL )
|
||||
if( ssl->f_cookie_check != NULL &&
|
||||
ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||
{
|
||||
if( ssl->f_cookie_check( ssl->p_cookie,
|
||||
buf + cookie_offset + 1, cookie_len,
|
||||
|
@ -1784,8 +1793,6 @@ have_ciphersuite:
|
|||
ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
|
||||
ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
|
||||
|
||||
/* ClientHello can't be bundled with another record in same datagram */
|
||||
ssl->in_left = 0;
|
||||
ssl->state++;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
|
||||
|
|
|
@ -2141,7 +2141,8 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
|
|||
* TLS handshake format to other functions.
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->state != SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
// TODO: DTLS: check message_seq
|
||||
|
||||
|
@ -2289,11 +2290,13 @@ int ssl_read_record( ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
/* Done reading this record, get ready for the next one */
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||
ssl->next_record_offset = ssl->in_msglen + ssl_hdr_len( ssl );
|
||||
else
|
||||
#endif
|
||||
ssl->in_left = 0;
|
||||
|
||||
SSL_DEBUG_BUF( 4, "input record from network",
|
||||
ssl->in_hdr, ssl_hdr_len( ssl ) + ssl->in_msglen );
|
||||
|
@ -2402,12 +2405,6 @@ int ssl_read_record( ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
/* With DTLS there might be other records in the same datagram */
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport != SSL_TRANSPORT_DATAGRAM )
|
||||
#endif
|
||||
ssl->in_left = 0;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= read record" ) );
|
||||
|
||||
return( 0 );
|
||||
|
|
|
@ -855,6 +855,19 @@ run_test "Renegotiation: gnutls server, client-initiated" \
|
|||
-C "error" \
|
||||
-c "HTTP/1.0 200 [Oo][Kk]"
|
||||
|
||||
run_test "Renegotiation: DTLS, client-initiated" \
|
||||
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
|
||||
0 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-s "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-c "=> renegotiate" \
|
||||
-s "=> renegotiate" \
|
||||
-S "write hello request"
|
||||
|
||||
# Tests for auth_mode
|
||||
|
||||
run_test "Authentication: server badcert, client required" \
|
||||
|
|
Loading…
Reference in a new issue