diff options
| author | Enji Cooper <ngie@FreeBSD.org> | 2025-07-11 00:18:38 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2025-07-11 00:18:38 +0000 |
| commit | ecf8229ffeb17a05c78fab6b973b0cccb84e25c5 (patch) | |
| tree | da8cf5ccc84d9bc3fbadcf674c7d501f9ca7ab5d /ssl/record/rec_layer_d1.c | |
| parent | 1c34280346af8284acdc0eae39496811d37df25d (diff) | |
vendor/openssl: import OpenSSL 3.0.17vendor/openssl/3.0.17vendor/openssl-3.0
Per the upstream release notes, this is a ["bugfix release"](https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md#openssl-30). It does not
contain any security-critical bugfixes, unlike the most recent prior releases
of OpenSSL 3.0.
This release is not an immediate candidate for inclusion in
14.3-* releases. That being said, content from this release will
potentially be rolled into upcoming releases by virtue of this being an
iterative 3.0.x release.
The changes may be benign, but some care might be required in the event
that some of the bugfixes affect shipping code which requires behavior
that may have been changed in this release.
Obtained from: https://github.com/openssl/openssl/releases/download/openssl-3.0.17/openssl-3.0.17.tar.gz
Diffstat (limited to 'ssl/record/rec_layer_d1.c')
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 79de0219ec7b..3e5ec6aec4dd 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -606,6 +606,17 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; + } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { + /* + * This is a warning but we receive it if we requested + * renegotiation and the peer denied it. Terminate with a fatal + * alert because if the application tried to renegotiate it + * presumably had a good reason and expects it to succeed. In + * the future we might have a renegotiation where we don't care + * if the peer refused it where we carry on. + */ + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION); + return -1; } } else if (alert_level == SSL3_AL_FATAL) { s->rwstate = SSL_NOTHING; |