only send heartbeat extension from server if client sent one

commit: 5733919dbca0b2469673a38ec4290d663d594ae4 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Tue Jan 03 22:03:20 2012 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Tue Jan 03 22:03:20 2012 +0000
tree: 622d12ab86396ffcbf4d3bbaf053dbd2bab4880f
parent: b333905011f450672b85a7d7bce8a71e303309c6 [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c5c805c..e38bd9f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -812,17 +812,20 @@
 		}
 
 #ifndef OPENSSL_NO_HEARTBEATS
-	/* Add Heartbeat extension */
-	s2n(TLSEXT_TYPE_heartbeat,ret);
-	s2n(1,ret);
-	/* Set mode:
-	 * 1: peer may send requests
-	 * 2: peer not allowed to send requests
-	 */
-	if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-		*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-	else
-		*(ret++) = SSL_TLSEXT_HB_ENABLED;
+	/* Add Heartbeat extension if we've received one */
+	if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
+		{
+		s2n(TLSEXT_TYPE_heartbeat,ret);
+		s2n(1,ret);
+		/* Set mode:
+		 * 1: peer may send requests
+		 * 2: peer not allowed to send requests
+		 */
+		if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
+			*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+		else
+			*(ret++) = SSL_TLSEXT_HB_ENABLED;
+		}
 #endif
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
commit	5733919dbca0b2469673a38ec4290d663d594ae4	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Tue Jan 03 22:03:20 2012 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Tue Jan 03 22:03:20 2012 +0000
tree	622d12ab86396ffcbf4d3bbaf053dbd2bab4880f
parent	b333905011f450672b85a7d7bce8a71e303309c6 [diff] [blame]