diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-07 19:05:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-07 19:05:03 +0000 |
commit | 73ff97ad7618a33efe4c6b20580d923bc3dd6d7e (patch) | |
tree | bebdbf8f9950dcfbac0c9c3851cff93f21e05d8f /ssl/ssl_lib.c | |
parent | 0d8ffc20073f35e4e2155bc3432c2d00d273cddf (diff) | |
download | openssl-new-73ff97ad7618a33efe4c6b20580d923bc3dd6d7e.tar.gz |
Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b265b4d45f..b72a970648 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1370,10 +1370,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, p+=j; } /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if no extensions (i.e. SSL3 is client_version) - * since spec RECOMMENDS not sending both RI and SCSV. + * add SCSV if not renegotiating. */ - if (p != q && !s->new_session && s->client_version == SSL3_VERSION) + if (p != q && !s->new_session) { static SSL_CIPHER scsv = { |