X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_common.t0;h=1eb534764bc6363a89a7fda1a00f3b1dc41ef9e6;hp=b8f84785d2739cc7156c22b56b3c4d69c1b7cc6c;hb=292f43357850dbadd1f7e8a343415a707af3a800;hpb=7561e7d6c86171257a4153d95202b0791b3612a8

diff --git a/src/ssl/ssl_hs_common.t0 b/src/ssl/ssl_hs_common.t0
index b8f8478..1eb5347 100644
--- a/src/ssl/ssl_hs_common.t0
+++ b/src/ssl/ssl_hs_common.t0
@@ -156,6 +156,7 @@ addr-eng: ecdhe_point
 addr-eng: ecdhe_point_len
 addr-eng: reneg
 addr-eng: saved_finished
+addr-eng: flags
 addr-eng: pad
 addr-eng: action
 addr-eng: alert
@@ -174,6 +175,10 @@ addr-session-field: version
 addr-session-field: cipher_suite
 addr-session-field: master_secret
 
+\ Check a server flag by index.
+: flag? ( index -- bool )
+	addr-flags get32 swap >> 1 and neg ;
+
 \ Define a word that evaluates to an error constant. This assumes that
 \ all relevant error codes are in the 0..63 range.
 : err:
@@ -449,6 +454,9 @@ cc: read-chunk-native ( addr len -- addr len ) {
 		1 of
 			0 addr-alert set8
 			\ close_notify has value 0.
+			\ no_renegotiation has value 100, and we treat it
+			\ as a fatal alert.
+			dup 100 = if 256 + fail then
 			0= ret
 		endof
 		\ Fatal alert implies context termination.