diff options
| author | David Benjamin <davidben@chromium.org> | 2014-11-26 07:37:56 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-12-02 22:32:39 +0300 |
| commit | 533ef7304d9b48aad38805f1997031a0a034d7fe (patch) | |
| tree | ed6064e727bd19f3c018a59f737d99bd9e1d8b18 /ssl/d1_clnt.c | |
| parent | 8c88153465ed4eb657ffc8dedd9d37f72ad3d87d (diff) | |
Remove SSL_clear calls in handshake functions.
If the state is SSL_ST_BEFORE, the SSL* was just initialized. Otherwise, we
don't want to call SSL_clear. The one case I found where we do is if a
handshake message is received and someone sets
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS. This is apparently intended for external
consumers to set, but I see no code in Google that does.
Which is fortunate because it'll trigger SSL_clear. This retains the BIOs but
drops all connection state, including the record. If the client just initiated
renego, that's the ClientHello that's lost. The connection then hangs: the now
reset SSL* wants a ClientHello (under the null cipher because that too's been
dropped) while the peer wants an encrypted ServerHello.
Change-Id: Iddb3e0bb86d39d98155b060f9273a0856f2d1409
Reviewed-on: https://boringssl-review.googlesource.com/2436
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/d1_clnt.c')
| -rw-r--r-- | ssl/d1_clnt.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 44f69e5f..f9532fe8 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -163,7 +163,6 @@ int dtls1_connect(SSL *s) cb=s->ctx->info_callback; s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { |