pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:529:
   // the session identifier must be invalidated, preventing the
   // failed session from being used to establish new connections.
   if (session) {
   context->purge_session(session);
   }
   } else if (packet->description == ALERT_close_notify) {
   state = [int(0..0)|ConnectionState](state | CONNECTION_local_closed);
   }
   }
   string res = current_write_state->encrypt_packet(packet, context)->send();
-  if (packet->content_type == PACKET_change_cipher_spec)
+  if (packet->content_type == PACKET_change_cipher_spec) {
   current_write_state = pending_write_state;
-
+  if (version >= PROTOCOL_TLS_1_3) {
+  // The change cipher state packet is not sent on the wire in TLS 1.3.
+  return to_write();
+  }
+  }
   return res;
  }
 
  //! Initiate close.
  void send_close()
  {
   send_packet(alert(ALERT_warning, ALERT_close_notify,
   "Closing connection.\n"), PRI_application);
  }
 
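Review bot: In the TLS 1.3 branch the ChangeCipherSpec packet has already gone through `encrypt_packet(packet, context)->send()` under the outgoing write state before `res` is discarded, so the record is built and then thrown away. Testing the content type and `version` before the encrypt call would make it explicit that in TLS 1.3 this packet is only an internal key-switch marker. The branch then returns through what appears to be a recursive `to_write()` call; a comment such as `// Nothing goes on the wire for this packet; continue with the next queued one under the new write state.` would document what is expected back when the queue is empty. The enclosing function starts outside the hunk, so whether `version` already holds the negotiated version at this point cannot be checked from here.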
pike.git/lib/modules/SSL.pmod/Connection.pike:853:
   case PACKET_change_cipher_spec:
   {
   SSL3_DEBUG_MSG("SSL.Connection: CHANGE_CIPHER_SPEC\n");
 
   if( !sizeof(packet->fragment) )
   {
   send_packet(alert(ALERT_fatal, ALERT_unexpected_message,
   "Zero length ChangeCipherSpec fragments not allowed.\n"));
   return -1;
   }
+  if (version >= PROTOCOL_TLS_1_3) {
+  send_packet(alert(ALERT_fatal, ALERT_unexpected_message,
+  "ChangeCipherSpec not allowed in TLS 1.3 and later.\n"));
+  return -1;
+  }
   foreach(packet->fragment;; int c)
   {
   int err = handle_change_cipher(c);
   SSL3_DEBUG_MSG("tried change_cipher: %d\n", err);
   if (err)
   return err;
   }
   break;
   }
   case PACKET_handshake:
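Review bot: The new TLS 1.3 check answers every ChangeCipherSpec record with a fatal `unexpected_message` alert, but RFC 8446 (section 5) requires a receiver to silently drop an unencrypted single-byte `0x01` change_cipher_spec record that arrives during the handshake, which peers send in middlebox compatibility mode. As written, such peers would have their handshake aborted. Consider letting that one case through before the alert, e.g. `if ((state & CONNECTION_handshaking) && packet->fragment == "\1") break;`, and keeping the fatal alert for any other content and for records after the handshake. Whether `CONNECTION_handshaking` matches the RFC's window exactly cannot be confirmed from this hunk, and the `switch` this case belongs to starts outside it.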
pike.git/lib/modules/SSL.pmod/Connection.pike:882:
   if (!(state & CONNECTION_handshaking) &&
   !secure_renegotiation) {
   // Don't allow renegotiation in unsecure mode, to address
   // http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555.
   // For details see: http://www.g-sec.lu/practicaltls.pdf and
   // RFC 5746.
   send_packet(alert(ALERT_warning, ALERT_no_renegotiation,
   "Renegotiation not supported in unsecure mode.\n"));
   return -1;
   }
-  if (expect_change_cipher)
+  if (expect_change_cipher && (version < PROTOCOL_TLS_1_3))
   {
   /* No change_cipher message was received */
   // FIXME: There's a bug somewhere since expect_change_cipher often
   // remains set after the handshake is completed. The effect is that
   // renegotiation doesn't work all the time.
   //
   // A side effect is that we are partly invulnerable to the
   // renegotiation vulnerability mentioned above. It is however not
   // safe to assume that, since there might be routes past this,
   // maybe through the use of a version 2 hello message below.
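Review bot: The added `version < PROTOCOL_TLS_1_3` condition skips this check for TLS 1.3 without saying why, while the FIXME below it records that the check incidentally blocks some renegotiation attempts. A short comment, e.g. `// TLS 1.3 sends no ChangeCipherSpec, so expect_change_cipher does not apply.`, would document the exemption. Since TLS 1.3 does not permit renegotiation at all, it is worth confirming that a handshake message that would start one after the handshake has completed is rejected explicitly for that version rather than relying on the `secure_renegotiation` test above. The body of this `if` lies outside the hunk, so that cannot be verified here.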