new handShakeDone flag to allow app data during scr
parent
21f46373f3
commit
74c6f35766
@ -1693,6 +1693,7 @@ typedef struct Options {
|
||||
byte serverState;
|
||||
byte clientState;
|
||||
byte handShakeState;
|
||||
byte handShakeDone; /* at least one handshake complete */
|
||||
byte side; /* client or server end */
|
||||
byte verifyPeer;
|
||||
byte verifyNone;
|
||||
|
@ -1629,6 +1629,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
ssl->options.connectState = CONNECT_BEGIN;
|
||||
ssl->options.acceptState = ACCEPT_BEGIN;
|
||||
ssl->options.handShakeState = NULL_STATE;
|
||||
ssl->options.handShakeDone = 0;
|
||||
ssl->options.processReply = doProcessInit;
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
@ -4424,6 +4425,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
|
||||
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
|
||||
if (!ssl->options.resuming) {
|
||||
ssl->options.handShakeState = HANDSHAKE_DONE;
|
||||
ssl->options.handShakeDone = 1;
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
@ -4438,6 +4440,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
|
||||
ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
|
||||
if (ssl->options.resuming) {
|
||||
ssl->options.handShakeState = HANDSHAKE_DONE;
|
||||
ssl->options.handShakeDone = 1;
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
@ -5760,8 +5763,8 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
|
||||
#endif
|
||||
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE) {
|
||||
CYASSL_MSG("Received App data before handshake complete");
|
||||
if (ssl->options.handShakeDone == 0) {
|
||||
CYASSL_MSG("Received App data before a handshake completed");
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
return OUT_OF_ORDER_E;
|
||||
}
|
||||
@ -6773,6 +6776,7 @@ int SendFinished(CYASSL* ssl)
|
||||
}
|
||||
else {
|
||||
ssl->options.handShakeState = HANDSHAKE_DONE;
|
||||
ssl->options.handShakeDone = 1;
|
||||
#ifdef CYASSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
/* Other side will soon receive our Finished, go to next
|
||||
@ -6786,6 +6790,7 @@ int SendFinished(CYASSL* ssl)
|
||||
else {
|
||||
if (ssl->options.side == CYASSL_CLIENT_END) {
|
||||
ssl->options.handShakeState = HANDSHAKE_DONE;
|
||||
ssl->options.handShakeDone = 1;
|
||||
#ifdef CYASSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
/* Other side will soon receive our Finished, go to next
|
||||
@ -7210,7 +7215,7 @@ int SendAlert(CYASSL* ssl, int severity, int type)
|
||||
|
||||
/* only send encrypted alert if handshake actually complete, otherwise
|
||||
other side may not be able to handle it */
|
||||
if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE)
|
||||
if (ssl->keys.encryptionOn && ssl->options.handShakeDone)
|
||||
sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert);
|
||||
else {
|
||||
|
||||
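Review bot: The new guard in DoApplicationData, `if (ssl->options.handShakeDone == 0)`, accepts application data in every later state once one handshake has finished, not only while a renegotiation is actually in progress, and nothing in the visible hunks ties it to secure renegotiation being negotiated or compiled in. Records that arrive mid-renegotiation are presumably still protected by the previous handshake's keys, so a caller that changes its trust in the peer after renegotiation (for example after requesting a client certificate) could attribute them to the wrong security context. I would document that at the check, e.g. `/* app data allowed while renegotiating; it belongs to the previously established session, not the one being negotiated */`, and consider keeping the stricter `handShakeState != HANDSHAKE_DONE` test when renegotiation support is not enabled. In these hunks the flag is cleared only in InitSSL, so any object reset or reuse path outside the diff should be checked to clear it as well; the function bodies continue outside the hunks.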
|
@ -2425,6 +2425,7 @@ doMessage:
|
||||
session->flags.clientCipherOn = 1;
|
||||
Trace(GOT_CHANGE_CIPHER_STR);
|
||||
ssl->options.handShakeState = HANDSHAKE_DONE;
|
||||
ssl->options.handShakeDone = 1;
|
||||
break;
|
||||
case application_data:
|
||||
Trace(GOT_APP_DATA_STR);
|
||||
|