"Zero length Handshake fragments not allowed.\n"); // Don't allow renegotiation in unsecure mode, to address // http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555. // For details see: http://www.g-sec.lu/practicaltls.pdf and // RFC 5746. COND_FATAL(!(state & CONNECTION_handshaking) && !secure_renegotiation, ALERT_no_renegotiation, "Renegotiation not supported in unsecure mode.\n");
COND_FATAL(!(state & CONNECTION_handshaking) &&
"Renegotiation disabled by context.\n");
    /* No change_cipher message was received */
    // FIXME: There's a bug somewhere since expect_change_cipher
    // often remains set after the handshake is completed. The
    // effect is that renegotiation doesn't work all the time.
    //
    // A side effect is that we are partly invulnerable to the
    // renegotiation vulnerability mentioned above. It is however
    // not safe to assume that, since there might be routes past
    // this, maybe through the use of a version 2 hello message
    // below.