summaryrefslogtreecommitdiff
path: root/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2009-11-10 09:09:41 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2009-11-10 09:09:41 +0000
commit1dbb7b9fd5969436ffc25e60b75b520785aa6898 (patch)
tree1b2c712faa095661b71f852d1e33c3ac2808463a /lib/libssl/s3_lib.c
parent4a9fe09da4598f230a59a95872414a867d29fe08 (diff)
pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
Diffstat (limited to 'lib/libssl/s3_lib.c')
-rw-r--r--lib/libssl/s3_lib.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 8916a0b1b3c..5aa7bb21da1 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-30 21:07:03 +0000