Return MBEDTLS_ERR_SSL_EARLY_MESSAGE for future HS messages
This leads future HS messages to traverse the buffering function ssl_buffer_message(), which however doesn't do anything at the moment for HS messages. Since the error code MBEDTLS_ERR_SSL_EARLY_MESSAGE is afterwards remapped to MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -- which is what was returned prior to this commit when receiving a future handshake message -- this commit therefore does not yet introduce any change in observable behavior.
parent
aa5d0c4493
commit
9e1ec22c36
1 changed files with 8 additions and 0 deletions
|
@ -3656,6 +3656,14 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||
( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
|
||||
{
|
||||
if( recv_msg_seq > ssl->handshake->in_msg_seq )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)",
|
||||
recv_msg_seq,
|
||||
ssl->handshake->in_msg_seq ) );
|
||||
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
|
||||
}
|
||||
|
||||
/* Retransmit only on last message from previous flight, to avoid
|
||||
* too many retransmissions.
|
||||
* Besides, No sane server ever retransmits HelloVerifyRequest */
|
||||
|
|
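Review bot: The new early return `return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );` has no comment saying what happens to that code afterwards, so the "no change in observable behavior" reasoning exists only in the commit message. The branch is also reachable through the `ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER` alternative of the enclosing condition, where it now returns before the retransmission logic that follows the comment below; that may be intended but should be stated. I would add above the `if`: `/* Future message: route to the buffering path. EARLY_MESSAGE is remapped to CONTINUE_PROCESSING afterwards, so for now the message is still dropped. recv_msg_seq is presumably peer-supplied; any later buffering keyed on it needs a bound. */`. The enclosing condition starts outside the hunk, so it is not visible whether `ssl->handshake` is checked for NULL before `ssl->handshake->in_msg_seq` is read; please confirm.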