[glib-networking: 55/129] connection: do not allow to rehandshake if handshake mode says so



commit 6caf3b7a83d78ce39be8e6e1413fbd0cbe3c17e0
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Tue Oct 17 13:35:51 2017 +0200

    connection: do not allow to rehandshake if handshake mode says so
    
    We should check the rehandshake mode before trying to rehandshake

 tls/openssl/gtlsconnection-openssl.c | 7 +++++++
 1 file changed, 7 insertions(+)
---
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index ac1a67c..d93308e 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -215,6 +215,13 @@ g_tls_connection_openssl_request_rehandshake (GTlsConnectionBase  *tls,
 
   openssl = G_TLS_CONNECTION_OPENSSL (tls);
 
+  if (tls->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
+    {
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                           _("Peer requested illegal TLS rehandshake"));
+      return G_TLS_CONNECTION_BASE_ERROR;
+    }
+
   ssl = g_tls_connection_openssl_get_ssl (openssl);
 
   BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
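Review bot: The added guard rejects only `G_TLS_REHANDSHAKE_NEVER`, so `G_TLS_REHANDSHAKE_SAFELY` falls through to the same path as `G_TLS_REHANDSHAKE_UNSAFELY` as far as this hunk shows. If that mode is not enforced elsewhere, a second check placed after `ssl` is obtained would cover it: `if (tls->rehandshake_mode == G_TLS_REHANDSHAKE_SAFELY && !SSL_get_secure_renegotiation_support (ssl))`, followed by the same `g_set_error_literal` call and `return G_TLS_CONNECTION_BASE_ERROR;`. The message "Peer requested illegal TLS rehandshake" also reads oddly in a function named `g_tls_connection_openssl_request_rehandshake`, which appears to be the locally initiated path; a comment stating which side triggers this call, or a message that matches it, would help anyone triaging the error. The function body starts and ends outside the hunk, so whether a peer-initiated renegotiation is also refused under `G_TLS_REHANDSHAKE_NEVER` cannot be confirmed from here.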

