Commit 2c0980d2 authored by Matt Caswell's avatar Matt Caswell

Make calls to SSL_renegotiate() error out for TLSv1.3



When we have support for KeyUpdate we might consider doing that instead.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
parent ddf6ec00
+10 −4
@@ -1716,9 +1716,12 @@ int SSL_shutdown(SSL *s)

int SSL_renegotiate(SSL *s)
{
    /* Do nothing in TLS1.3 */
    /*
     * TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
     * instead when we support that?
     */
    if (SSL_IS_TLS13(s))
        return 1;
        return 0;

    if (s->renegotiate == 0)
        s->renegotiate = 1;
@@ -1730,9 +1733,12 @@ int SSL_renegotiate(SSL *s)

int SSL_renegotiate_abbreviated(SSL *s)
{
    /* Do nothing in TLS1.3 */
    /*
     * TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
     * instead when we support that?
     */
    if (SSL_IS_TLS13(s))
        return 1;
        return 0;

    if (s->renegotiate == 0)
        s->renegotiate = 1;
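Review bot: The new `return 0` in the TLSv1.3 branch of SSL_renegotiate() reports failure without putting anything on the error queue, so a caller that inspects ERR_get_error() after the failure cannot tell a TLSv1.3 refusal from any other failure. Consider raising an error before returning, e.g. `SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);` (the function code may need to be added if it is not already defined), and doing the same in SSL_renegotiate_abbreviated(). Callers that relied on the previous return of 1 will now see a failure; that is the safer outcome for code that uses renegotiation to refresh keys or re-authenticate the peer, since it no longer looks as if that happened, but it deserves a line in the API documentation. Both function bodies continue outside the hunks shown.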