author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-04-22 17:08:41 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-04-22 17:08:41 +0000 |
commit | 267a53d1e72c96b9f73f75db7fb83f4b9a35cafe (patch) | |
tree | fc5d59a3291fcb2cb4efe8d8ba6ebb432e93c05f | |
parent | 35fe8cdfda855a8844a91f8ad4e0d538e1586d8b (diff) | |
download | gnutls-267a53d1e72c96b9f73f75db7fb83f4b9a35cafe.tar.gz |
allow unexpected handshake requests by the client.
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | doc/TODO | 1 | ||||
-rw-r--r-- | lib/gnutls_record.c | 9 |
3 files changed, 8 insertions, 3 deletions
@@ -1,6 +1,7 @@ Version 1.0.12 - Corrected bug in OpenPGP key loading using a callback. - Renamed gnutls-srpcrypt to srptool +- Allow handshake requests by the client. Version 1.0.11 (17/04/2004) - Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() @@ -21,7 +21,6 @@ Current list: * Audit the code * Allow sending V2 Hello messages. It seems that some (old) broken implementations require that. -* Allow unexpected Client Hello messages * Add Kerberos support (+) Means high priority diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 91d77d2207..5086a262ec 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -594,11 +594,12 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t break; case GNUTLS_HANDSHAKE: - /* This is only legal if HELLO_REQUEST is received - and we are a client + /* This is legal if HELLO_REQUEST is received - and we are a client. + * If we are a server, a client may initiate a renegotiation at any time. */ if ( session->security_parameters.entity==GNUTLS_SERVER) { gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET; + return GNUTLS_E_REHANDSHAKE; } /* If we are already in a handshake then a Hello @@ -884,6 +885,10 @@ ssize_t gnutls_record_send( gnutls_session session, const void *data, size_t siz * simply ignored, replied with an alert containing NO_RENEGOTIATION, * or replied with a new handshake. * + * A server may also receive GNUTLS_E_REHANDSHAKE when a client has + * initiated a handshake. In that case the server can only initiate + * a handshake or terminate the connection. + * * Returns the number of bytes received and zero on EOF. * A negative error code is returned in case of an error. * |
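Review bot: In the `GNUTLS_SERVER` branch of `case GNUTLS_HANDSHAKE` in `_gnutls_record_check_type()`, every handshake-type record now produces `GNUTLS_E_REHANDSHAKE` without any check of the handshake message type, while the comment describes the client side as legal only for HELLO_REQUEST. If the message type can be inspected at this point, the server case should return `GNUTLS_E_REHANDSHAKE` only for a Client Hello and keep `return GNUTLS_E_UNEXPECTED_PACKET;` for any other handshake message. The `gnutls_assert();` left in the branch now fires on a path the comment calls legal, so it should probably be dropped. The function starts and ends outside the hunk, so whether the received record is kept for the following handshake cannot be confirmed from here.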
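Review bot: The paragraph added to the `gnutls_record_recv()` documentation does not say what happens if a server application ignores `GNUTLS_E_REHANDSHAKE` and calls the function again, which the preceding text allows for clients. I would add a sentence such as `On a server this error must not be ignored; call gnutls_handshake() or close the session.` It is also worth stating that honouring a client-initiated handshake is an application policy decision, because each request can cost the server a full handshake and a peer may repeat it at will. The comment block begins and ends outside the hunk.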