Drop out-of-sequence ChangeCipherSpec messages
parent
7cf3518284
commit
767c69561b
1 changed files with 15 additions and 1 deletions
|
@ -2637,7 +2637,7 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "dropping out-of-order message: "
|
SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
||||||
"message_seq = %d, expected = %d",
|
"message_seq = %d, expected = %d",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
|
@ -3017,6 +3017,20 @@ read_record_header:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
|
{
|
||||||
|
/* Drop unexpected ChangeCipherSpec messages */
|
||||||
|
if( ssl->in_msgtype == SSL_MSG_CHANGE_CIPHER_SPEC &&
|
||||||
|
ssl->state != SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
||||||
|
ssl->state != SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 2, ( "dropping unexpected ChangeCipherSpec" ) );
|
||||||
|
return( POLARSSL_ERR_NET_WANT_READ );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "<= read record" ) );
|
SSL_DEBUG_MSG( 2, ( "<= read record" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
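Review bot: The new DTLS check discards an unexpected ChangeCipherSpec by returning `POLARSSL_ERR_NET_WANT_READ`, which tells the caller to wait for more input even if further records from the same datagram are already buffered; whether those still get processed depends on code outside this hunk. The hunk header shows a `read_record_header` label in the same function, so if other dropped records are skipped by jumping back there, `goto read_record_header;` would probably be the more consistent way to skip this one; please confirm against the rest of the function. The comment should also say why dropping is acceptable, for example `/* CCS carries no message_seq, so it cannot be reordered like handshake messages; drop it and rely on the peer retransmitting its flight */`. The enclosing function begins before the hunk, so the state of the input buffer at this point is not visible here.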