diff options
| author | Ingela Anderton Andin <[email protected]> | 2011-09-27 16:45:05 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2011-09-27 16:48:13 +0200 |
| commit | 9b7b4db9d7e5734f6c5c2193786c44cf1e273efb (patch) | |
| tree | ba9d8b0a74fc2c166036e1860e58c2f119057ee8 /lib/ssl/src | |
| parent | 5f7725dc581c7891cb41e725db50076d654511ba (diff) | |
| download | otp-9b7b4db9d7e5734f6c5c2193786c44cf1e273efb.tar.gz otp-9b7b4db9d7e5734f6c5c2193786c44cf1e273efb.tar.bz2 otp-9b7b4db9d7e5734f6c5c2193786c44cf1e273efb.zip | |
Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require
implementations to ignore data following the ClientHello (i.e.,
extensions) if they do not understand them.
Data not following the protocol format for extensions will be
ignored by the last dec_hello_extensions-clause.
OTP-8596
Diffstat (limited to 'lib/ssl/src')
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 0ac1ba9d66..f873a6a913 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -914,11 +914,12 @@ dec_hello_extensions(<<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), Info:Len/binar end, dec_hello_extensions(Rest, [{renegotiation_info, #renegotiation_info{renegotiated_connection = RenegotiateInfo}} | Acc]); + +%% Ignore data following the ClientHello (i.e., +%% extensions) if not understood. dec_hello_extensions(<<?UINT16(_), ?UINT16(Len), _Unknown:Len/binary, Rest/binary>>, Acc) -> dec_hello_extensions(Rest, Acc); -%% Need this clause? -%% I don't think we need this clause anymore. It was previously catching parsing errors caused by the missing /binary. -%% Maybe we should be logging an error somewhere because we really should not be entering this clause. +%% This theoretically should not happen if the protocol is followed, but if it does it is ignored. dec_hello_extensions(_, Acc) -> Acc. |