SSLv3: when refusing renegotiation, stop processing
Before the code was sending a fatal alert but then processing any further data from the peer. Internal reference: IOTSSL-1384
This commit is contained in:
parent
c94f7352fa
commit
92e4426169
1 changed files with 5 additions and 5 deletions
|
@ -6726,11 +6726,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
/*
|
||||
* SSLv3 does not have a "no_renegotiation" alert
|
||||
*/
|
||||
if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
/* SSLv3 does not have a "no_renegotiation" warning, so
|
||||
we send a fatal alert and abort the connection. */
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
|
Loading…
Reference in a new issue