Server Side Secure Renegotiation

1. Fix spelling typo in a comment. 2. Correct the server's check of its secure renegotiation extension.
2025-08-04 13:14:45 +02:00 · 2018-11-28 10:53:44 -08:00
parent 0abf7c4997
commit 69436b6d41
2 changed files with 8 additions and 10 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -21119,7 +21119,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        if (IsEncryptionOn(ssl, 1))
            sendSz += MAX_MSG_EXTRA;

-        /* check for avalaible size */
+        /* check for available size */
        if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
            return ret;

--- a/src/tls.c
+++ b/src/tls.c
@@ -4349,16 +4349,10 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
        if (isRequest) {
        #ifndef NO_WOLFSSL_SERVER
            if (ssl->secure_renegotiation == NULL) {
-                if (*input == 0) {
-                    ret = 0;
-                }
-                else {
-                    /* already in error state */
-                    WOLFSSL_MSG("SCR client verify data present");
-                }
+                /* already in error state */
+                WOLFSSL_MSG("server SCR not available");
            }
-            else if (ssl->secure_renegotiation->enabled) {
-
+            else if (!ssl->secure_renegotiation->enabled) {
                if (*input == 0) {
                    input++; /* get past size */

@@ -4366,6 +4360,10 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
                    TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO);
                    ret = 0;
                }
+                else {
+                    /* already in error state */
+                    WOLFSSL_MSG("SCR client verify data present");
+                }
            }
            else if (*input == TLS_FINISHED_SZ) {
                input++; /* get past size */