projects / BearSSL / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed mishandling of tree structure in the cache for session parameters.
[BearSSL] / src / ssl / ssl_hs_server.t0
diff --git a/src/ssl/ssl_hs_server.t0 b/src/ssl/ssl_hs_server.t0
index cb0579c..bb3bc3d 100644 (file)
--- a/src/ssl/ssl_hs_server.t0
+++ b/src/ssl/ssl_hs_server.t0
@@ -814,6 +814,11 @@ cc: save-session ( -- ) {
        \ we should mark the client as "supporting secure renegotiation".
        reneg-scsv if 2 addr-reneg set8 then
 
+       \ If, at that point, the 'reneg' value is still 0, then the client
+       \ did not send the extension or the SCSV, so we have to assume
+       \ that secure renegotiation is not supported by that client.
+       addr-reneg get8 ifnot 1 addr-reneg set8 then
+
        \ Check compression.
        ok-compression ifnot 40 fail-alert then
 
The BearSSL library and tools.