authorNick Mathewson <nickm@torproject.org>2012-04-27 12:13:56 -0400
committerNick Mathewson <nickm@torproject.org>2012-04-27 12:13:56 -0400
commitf0212197cccf461e431d6807a94ea0fdc411e179 (patch)
treef93d3aa7b0d9416403caa10eb1cd49a6055baf67 /src/common/tortls.c
parentf6afd4efa6c24fab8ace710fc0eac4c8811b93dd (diff)
downloadtor-f0212197cccf461e431d6807a94ea0fdc411e179.tar.gz
tor-f0212197cccf461e431d6807a94ea0fdc411e179.zip
Only disable cert chaining on the first TLS handshake
If the client uses a v2 cipherlist on the renegotiation handshake, it looks as if it could fail to get a good cert chain from the server, since the server would re-disable certificate chaining. This patch makes it so the code that makes the server side of the first v2 handshake special can be called only once. Fix for 4591; bugfix on 0.2.0.20-rc.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r--src/common/tortls.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4c9d2188d4..abdd411dfb 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -965,7 +965,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
/* Now check the cipher list. */
if (tor_tls_client_is_using_v2_ciphers(ssl, ADDR(tls))) {
- /*XXXX_TLS keep this from happening more than once! */
+ if (tls->wasV2Handshake)
+ return; /* We already turned this stuff off for the first handshake;
+ * This is a renegotiation. */
/* Yes, we're casting away the const from ssl. This is very naughty of us.
* Let's hope openssl doesn't notice! */