548654 - libssl: handshake failure alert is set twice upon unsuccessful extension parsing. r=wtc
authoralexei.volkov.bugs%sun.com
Fri, 26 Feb 2010 19:25:44 +0000
changeset 9571 f40bb751b86f87b298d25c238ff903d6f1df5cc5
parent 9570 7bd15d543d578282f542fe54c02855d9bcc0088c
child 9572 409102442c953a3708a866160d118ba36c64713a
reviewerswtc
bugs548654
548654 - libssl: handshake failure alert is set twice upon unsuccessful extension parsing. r=wtc
security/nss/lib/ssl/ssl3ext.c
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -1496,18 +1496,16 @@ ssl3_HandleRenegotiationInfoXtn(sslSocke
     if (ss->firstHsDone) {
 	len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes 
 	                       : ss->ssl3.hs.finishedBytes * 2;
     }
     if (data->len != 1 + len  ||
 	data->data[0] != len  || (len && 
 	NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
 	                 data->data + 1, len))) {
-	/* Can we do this here? Or, must we arrange for the caller to do it? */
-	(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
 	PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 	return SECFailure;
     }
     /* remember that we got this extension and it was correct. */
     ss->peerRequestedProtection = 1;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     if (ss->sec.isServer) {
 	/* prepare to send back the appropriate response */