X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_client.t0;h=23b39e719856f9784e896e05c693377ff83b6700;hp=cfe5f782b270616225a261f00d5577437bb9f0c0;hb=f0ddbc32f07c4042ea31759b0d90864ca087b2b7;hpb=7f343eedfc0ef1b3eab8ded1d60e2abc82324a5e
diff --git a/src/ssl/ssl_hs_client.t0 b/src/ssl/ssl_hs_client.t0
index cfe5f78..23b39e7 100644
--- a/src/ssl/ssl_hs_client.t0
+++ b/src/ssl/ssl_hs_client.t0
@@ -31,7 +31,7 @@ preamble {
  * specific name. It must be noted that since the engine context is the
  * first field of the br_ssl_client_context structure ('eng'), then
  * pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "addresses" computed as offsets
  * within the structure work for both kinds of context.
  */
 #define CTX ((br_ssl_client_context *)ENG)
@@ -686,16 +686,12 @@ cc: DEBUG-BLOB ( addr len -- ) {
 	\ Cipher suite. We check that it is part of the list of cipher
 	\ suites that we advertised.
-	\ read16 { suite ; found }
-	\ 0 >found
-	\ addr-suites_buf dup addr-suites_num get8 1 << +
-	\ begin dup2 < while
-	\ 2 - dup get16
-	\ suite = found or >found
-	\ repeat
-	\ 2drop found ifnot ERR_BAD_CIPHER_SUITE fail then
 	read16 dup scan-suite 0< if ERR_BAD_CIPHER_SUITE fail then
+	\ Also check that the cipher suite is compatible with the
+	\ announced version: suites that don't use HMAC/SHA-1 are
+	\ for TLS-1.2 only, not older versions.
+	dup use-tls12? version 0x0303 < and if ERR_BAD_CIPHER_SUITE fail then
 	addr-cipher_suite resume check-resume
 	\ Compression method. Should be 0 (no compression).
@@ -805,6 +801,13 @@ cc: DEBUG-BLOB ( addr len -- ) {
 			1 addr-reneg set8
 		then
 		close-elt
+	else
+		\ No extension received at all, so the server does not
+		\ support secure renegotiation. This is a hard failure
+		\ if the server was previously known to support it (i.e.
+		\ this is a renegotiation).
+		ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then
+		1 addr-reneg set8
 	then
 	close-elt
 	resume
@@ -966,7 +969,7 @@ cc: get-client-chain ( auth_types -- ) {
 \ Parse CertificateRequest. Header has already been read.
 : read-contents-CertificateRequest ( lim -- )
-	\ Read supported client authentification types. We keep only
+	\ Read supported client authentication types. We keep only
 	\ RSA, ECDSA, and ECDH.
 	0 { auth_types }
 	read8 open-elt
@@ -1257,6 +1260,12 @@ cc: do-client-sign ( -- sig_len ) {
 					wait-co drop
 				repeat
 				100 send-warning
+				\ We rejected the renegotiation,
+				\ but the connection is not dead.
+				\ We must set back things into
+				\ working "application data" state.
+				1 addr-application_data set8
+				23 addr-record_type_out set8
 			else
 				do-handshake
 			then
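Review bot: The "this is a renegotiation" test on the added line `ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then` is expressed through the byte size of the extension the client sent rather than through the engine's own renegotiation state, so a reader has to know that 5 is the size of an empty renegotiation_info extension (2-byte type, 2-byte length, 1-byte zero verify-data length) before "> 5" reads as "a previous handshake established secure renegotiation". That coupling is fragile: any later change to what `ext-reneg-length` counts would silently turn this fail-closed check into accepting a server that dropped the extension mid-session, which is the downgrade RFC 5746 section 3.5 requires the client to abort on. Since the surrounding lines already keep this state in the reneg byte (`1 addr-reneg set8` on both paths), testing that byte for its "secure renegotiation negotiated" value would be more robust, or at minimum the constant should be explained: `\ 5 = empty renegotiation_info (type + length + zero-length verify data); larger means we sent client_verify_data, i.e. a prior secure handshake`. I have not seen the definition of `ext-reneg-length` or the reneg byte encoding, so confirm the equivalent test before switching. The `if` this `else` belongs to starts outside the hunk.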
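Review bot: The two added state-restoring lines `1 addr-application_data set8` and `23 addr-record_type_out set8` use bare magic numbers, as does the `100 send-warning` just above them; 23 is the TLS ContentType application_data and 100 is AlertDescription no_renegotiation (RFC 5246 sections 6.2.1 and 7.2.2), but nothing in the hunk says so. A short inline comment would spare the next reader a trip to the RFC, e.g. `23 addr-record_type_out set8 \ ContentType application_data` and `100 send-warning \ no_renegotiation (warning)`. What I cannot confirm from the hunk alone is whether this refusal branch is reachable only when the connection was already in application-data state; if a HelloRequest could be refused while addr-application_data is still 0, forcing it to 1 here would be wrong, so that precondition deserves a comment where the branch is entered. The enclosing loop and the `if` this `else` closes both start outside the hunk.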