Added AESCTR_DRBG implementation (beta).
[BearSSL] / src / ssl / ssl_hs_server.t0
index bb3bc3d..9f6e934 100644 (file)
@@ -31,7 +31,7 @@ preamble {
  * specific name. It must be noted that since the engine context is the
  * first field of the br_ssl_server_context structure ('eng'), then
  * pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "addresses" computed as offsets
  * within the structure work for both kinds of context.
  */
 #define CTX  ((br_ssl_server_context *)ENG)
@@ -611,6 +611,13 @@ cc: save-session ( -- ) {
        }
 }
 
+\ Read and drop ClientHello. This is used when a client-triggered
+\ renegotiation attempt is rejected.
+: skip-ClientHello ( -- )
+       read-handshake-header-core
+       1 = ifnot ERR_UNEXPECTED fail then
+       dup skip-blob drop ;
+
 \ Read ClientHello. If the session is resumed, then -1 is returned.
 : read-ClientHello ( -- resume )
        \ Get header, and check message type.
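Review bot: The new word `skip-ClientHello` (lines 19-22) says what it is used for but not what state it leaves behind, which matters because it is called from the rejected-renegotiation path where the engine then resumes application data. I would extend the header comment with `\ The message body is discarded without being parsed; only the handshake type is verified (anything else fails with ERR_UNEXPECTED).` The `dup skip-blob drop` idiom also relies on `read-handshake-header-core` leaving exactly the message length below the type after the `1 =` check, so the value is used as both the limit and the byte count; that word is defined outside this hunk, so worth confirming, and whether the skipped bytes reach the running handshake hash is not visible here either and should be stated in the comment once known.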
@@ -857,7 +864,7 @@ cc: save-session ( -- ) {
        \ suites are filtered out. In particular:
        \ -- ECDHE suites are removed if there is no common hash function
        \    (for the relevant signature algorithm) or no common curve.
-       \ -- TLS-1.2-only suites are removed if the negociated version is
+       \ -- TLS-1.2-only suites are removed if the negotiated version is
        \    TLS-1.1 or lower.
        addr-client_suites dup >css-off
        begin dup css-max < while
@@ -1473,6 +1480,7 @@ cc: verify-CV-sig ( sig-len -- err ) {
                                        \ The best we can do is ask for a
                                        \ renegotiation, then wait for it
                                        \ to happen.
+                                       0 addr-application_data set8
                                        send-HelloRequest
                                then
                        endof
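Review bot: The added `0 addr-application_data set8` before `send-HelloRequest` (line 40) clears the flag with no visible restore on this path, unlike the rejected-renegotiation branch later in the file which sets it back to 1 after the warning alert. A peer is allowed to ignore a HelloRequest, so if nothing elsewhere re-enables the flag the connection would presumably stay unable to carry application data; the enclosing word starts and ends outside the hunk, so that may be handled there. Either way a short comment would help, e.g. `\ Stop application data until the client answers with a ClientHello (flag is restored once the new handshake completes).` with the parenthetical adjusted to whatever actually restores it.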
@@ -1482,11 +1490,16 @@ cc: verify-CV-sig ( sig-len -- err ) {
                                \ "no renegotiation" flag is set.
                                drop
                                addr-reneg get8 1 = 1 flag? or if
+                                       skip-ClientHello
                                        flush-record
                                        begin can-output? not while
                                                wait-co drop
                                        repeat
                                        100 send-warning
+                                       \ Put back connection in "application
+                                       \ data" state: it's not dead yet.
+                                       1 addr-application_data set8
+                                       23 addr-record_type_out set8
                                else
                                        0 do-handshake
                                then
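Review bot: The restore sequence added at lines 56-57 uses bare magic numbers where the surrounding file otherwise names things (`ERR_UNEXPECTED`): 23 is the TLS `application_data` content type and 100, used by `send-warning` just above, is the `no_renegotiation` alert. I would annotate them inline, `23 addr-record_type_out set8  \ record type: application_data` and `100 send-warning  \ alert: no_renegotiation`, or reuse a named constant if the file already defines one for these. The ordering also deserves a sentence in the comment at lines 54-55: the ClientHello is consumed by `skip-ClientHello` and the warning flushed before the flag is set back to 1, so a failure inside the `wait-co` loop leaves `application_data` at 0, which is presumably intended since `wait-co` failing ends the connection. The enclosing word continues outside the hunk.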