Merge branch 'development' into dtls

* development: Fix error code description. generate_errors.pl now errors on duplicate codes Avoid nested if's without braces. Move renego SCSV after actual ciphersuites Fix send_close_notify usage. Rename variable for clarity Improve script portability Conflicts: library/ssl_srv.c programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00 · 2015-01-22 13:30:33 +00:00 · 3a173f497b
commit 3a173f497b
parent 23eb74d8b5 11c919208d
8 changed files with 50 additions and 36 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -635,16 +635,18 @@ static int ssl_write_client_hello( ssl_context *ssl )
     */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
    if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
-#endif
-    if( ssl->session_negotiate->ticket != NULL &&
-        ssl->session_negotiate->ticket_len != 0 )
    {
-        ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );
+#endif
+        if( ssl->session_negotiate->ticket != NULL &&
+                ssl->session_negotiate->ticket_len != 0 )
+        {
+            ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );

-        if( ret != 0 )
-            return( ret );
+            if( ret != 0 )
+                return( ret );

-        ssl->session_negotiate->length = n = 32;
+            ssl->session_negotiate->length = n = 32;
+        }
    }
 #endif /* POLARSSL_SSL_SESSION_TICKETS */

@ -691,18 +693,6 @@ static int ssl_write_client_hello( ssl_context *ssl )
    q = p;
    p += 2;

-    /*
-     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-     */
-#if defined(POLARSSL_SSL_RENEGOTIATION)
-    if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
-#endif
-    {
-        *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
-        *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO      );
-        n++;
-    }
-
    for( i = 0; ciphersuites[i] != 0; i++ )
    {
        ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
@ -732,6 +722,18 @@ static int ssl_write_client_hello( ssl_context *ssl )
        *p++ = (unsigned char)( ciphersuites[i]      );
    }

+    /*
+     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+     */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+    if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
+    {
+        *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
+        *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO      );
+        n++;
+    }
+
    /* Some versions of OpenSSL don't handle it correctly if not at end */
 #if defined(POLARSSL_SSL_FALLBACK_SCSV)
    if( ssl->fallback == SSL_IS_FALLBACK )