Simplify RI+SCSV logic: 1. Send SCSV is not renegotiating, never empty RI. 2. Send RI if renegotiating.

commit: 423c66f10e3762643020601bf76cec3309f1474d [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Thu Jan 07 19:04:52 2010 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Thu Jan 07 19:04:52 2010 +0000
tree: 186b81a819e84f3af59f5d7164f20152ce1b392f
parent: 74f22606942d1740ca1d9c20d8f69098725f3a9f [diff]
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ee01a2c..6142b08 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -1370,10 +1370,9 @@
 		p+=j;
 		}
 	/* If p == q, no ciphers and caller indicates an error. Otherwise
-	 * add SCSV if no extensions (i.e. SSL3 is client_version)
-	 * since spec RECOMMENDS not sending both RI and SCSV.
+	 * add SCSV if not renegotiating.
 	 */
-	if (p != q && !s->new_session && s->client_version == SSL3_VERSION)
+	if (p != q && !s->new_session)
 		{
 		static SSL_CIPHER scsv =
 			{

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c467034..b50d2a5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -316,8 +316,9 @@
 		ret+=size_str;
 		}
 
-        /* Add the renegotiation option: TODOEKR switch */
-        {
+        /* Add RI if renegotiating */
+        if (s->new_session)
+          {
           int el;
           
           if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
commit	423c66f10e3762643020601bf76cec3309f1474d	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Thu Jan 07 19:04:52 2010 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Thu Jan 07 19:04:52 2010 +0000
tree	186b81a819e84f3af59f5d7164f20152ce1b392f
parent	74f22606942d1740ca1d9c20d8f69098725f3a9f [diff]