Fix NPN implementation for renegotiation.
(Problem pointed out by Ben Murphy.)
Submitted by: Adam Langley
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5597e13..a32978b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -465,7 +465,7 @@
#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
s->state=SSL3_ST_CW_FINISHED_A;
#else
- if (s->next_proto_negotiated)
+ if (s->s3->next_proto_neg_seen)
s->state=SSL3_ST_CW_NEXT_PROTO_A;
else
s->state=SSL3_ST_CW_FINISHED_A;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7b54dc9..92eb35b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -836,6 +836,9 @@
s->servername_done = 0;
s->tlsext_status_type = -1;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ s->s3->next_proto_neg_seen = 0;
+#endif
if (data >= (d+n-2))
goto ri_check;
@@ -1305,6 +1308,10 @@
int tlsext_servername = 0;
int renegotiate_seen = 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ s->s3->next_proto_neg_seen = 0;
+#endif
+
if (data >= (d+n-2))
goto ri_check;
@@ -1431,7 +1438,8 @@
s->tlsext_status_expected = 1;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
- else if (type == TLSEXT_TYPE_next_proto_neg)
+ else if (type == TLSEXT_TYPE_next_proto_neg &&
+ s->s3->tmp.finish_md_len == 0)
{
unsigned char *selected;
unsigned char selected_len;
@@ -1461,6 +1469,7 @@
}
memcpy(s->next_proto_negotiated, selected, selected_len);
s->next_proto_negotiated_len = selected_len;
+ s->s3->next_proto_neg_seen = 1;
}
#endif
else if (type == TLSEXT_TYPE_renegotiate)
