MatrixSSL 3.9.5

matrixssl/extDecode.c

@@ -70,6 +70,7 @@ int32 parseClientHelloExtensions(ssl_t *ssl, unsigned char **cp, unsigned short
     /* Clear extFlags in case of rehandshakes */
     ssl->extFlags.truncated_hmac = 0;
     ssl->extFlags.sni = 0;
+    ssl->extFlags.sni_in_last_client_hello = 0;
     ssl->extFlags.session_id = 0;
     ssl->extFlags.session_ticket = 0;
     ssl->extFlags.extended_master_secret = 0;
@@ -233,9 +234,9 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
 # ifdef USE_ECC_CIPHER_SUITE
     unsigned short dataLen, curveId;
     uint32 ecFlags;
-# elif defined USE_OCSP
+# elif defined USE_OCSP_RESPONSE
     unsigned short dataLen;
-# endif /* USE_ECC_CIPHER_SUITE || USE_OCSP */
+# endif /* USE_ECC_CIPHER_SUITE || USE_OCSP_RESPONSE */
 # ifdef USE_TLS_1_2
     unsigned short tmpLen;
 # endif
@@ -351,6 +352,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
         }
         memcpy(ssl->expectedName, c, i);
         ssl->expectedName[i] = '\0';
+        ssl->extFlags.sni_in_last_client_hello = 1;
         break;
 
 # ifdef USE_ALPN
@@ -419,6 +421,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
                 ssl->err = SSL_ALERT_HANDSHAKE_FAILURE;
                 return MATRIXSSL_ERROR;
             }
+            ssl->secureRenegotiationInProgress = PS_TRUE;
         }
         else
         {
@@ -627,7 +630,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
         break;
 # endif /* USE_ECC_CIPHER_SUITE */
 
-# ifdef USE_OCSP
+# ifdef USE_OCSP_RESPONSE
     case EXT_STATUS_REQUEST:
         /*  Validation of minimum size and status_type of 1 (ocsp) */
         if (extLen < 5 || *c != 0x1)
@@ -642,7 +645,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
         dataLen += *c; c++; extLen--;
         if (dataLen + 2 > extLen)
         {
-            psTraceIntInfo("Bad cert_status_request extension: \n", extType);
+            psTraceIntInfo("Bad cert_status_request extension: %d\n", extType);
             ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
             return MATRIXSSL_ERROR;
         }
@@ -652,7 +655,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
         dataLen += *c; c++; extLen--;
         if (dataLen > extLen)
         {
-            psTraceIntInfo("Bad cert_status_request extension: \n", extType);
+            psTraceIntInfo("Bad cert_status_request extension: %d\n", extType);
             ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
             return MATRIXSSL_ERROR;
         }
@@ -671,7 +674,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
         }
 
         break;
-# endif
+# endif /* USE_OCSP_RESPONSE */
 
 
     /**************************************************************************/
@@ -1168,6 +1171,7 @@ static int ServerHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext
                 psTraceInfo("Srv had bad peer renegotiationInfo\n");
                 return MATRIXSSL_ERROR;
             }
+            ssl->secureRenegotiationInProgress = PS_TRUE;
         }
         else
         {