Commit dffdcc77 authored by Todd Short, committed by Kurt Roeckx

Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION



The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is
inconsistent. Most places check SSL->options, one place is checking
SSL_CTX->options; fix that.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
GH: #3523
parent 418bb7b3
+1 −1
@@ -1439,7 +1439,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
        (s->rlayer.handshake_fragment_len >= 4) &&
        (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
        (s->session != NULL) && (s->session->cipher != NULL) &&
        !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
        SSL3_RECORD_set_length(rr, 0);
        SSL3_RECORD_set_read(rr);
        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
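
Review bot: no test accompanies the one-line change to the renegotiation condition in ssl3_read_bytes, so nothing stops a later edit from reintroducing the s->ctx->options read. A regression test is worth adding in which the value of SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION on the SSL differs from the value on its SSL_CTX, checking that a ClientHello arriving on an established session is answered with the SSL_AD_NO_RENEGOTIATION warning alert according to the per-connection value. Separately, the commit message calls the flag SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION while the code tests SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; using the identifier from the code in the message would make the commit easier to find by search.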