aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2011-09-27 16:45:05 +0200
committerIngela Anderton Andin <[email protected]>2011-09-27 16:48:13 +0200
commit9b7b4db9d7e5734f6c5c2193786c44cf1e273efb (patch)
treeba9d8b0a74fc2c166036e1860e58c2f119057ee8 /lib/ssl
parent5f7725dc581c7891cb41e725db50076d654511ba (diff)
downloadotp-9b7b4db9d7e5734f6c5c2193786c44cf1e273efb.tar.gz
otp-9b7b4db9d7e5734f6c5c2193786c44cf1e273efb.tar.bz2
otp-9b7b4db9d7e5734f6c5c2193786c44cf1e273efb.zip
Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require
implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand them. Data not following the protocol format for extensions will be ignored by the last dec_hello_extensions-clause. OTP-8596
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_handshake.erl7
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0ac1ba9d66..f873a6a913 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -914,11 +914,12 @@ dec_hello_extensions(<<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), Info:Len/binar
end,
dec_hello_extensions(Rest, [{renegotiation_info,
#renegotiation_info{renegotiated_connection = RenegotiateInfo}} | Acc]);
+
+%% Ignore data following the ClientHello (i.e.,
+%% extensions) if not understood.
dec_hello_extensions(<<?UINT16(_), ?UINT16(Len), _Unknown:Len/binary, Rest/binary>>, Acc) ->
dec_hello_extensions(Rest, Acc);
-%% Need this clause?
-%% I don't think we need this clause anymore. It was previously catching parsing errors caused by the missing /binary.
-%% Maybe we should be logging an error somewhere because we really should not be entering this clause.
+%% This theoretically should not happen if the protocol is followed, but if it does it is ignored.
dec_hello_extensions(_, Acc) ->
Acc.