548654 - libssl: handshake failure alert is set twice upon unsuccessful extension parsing. r=wtc
548654 - libssl: handshake failure alert is set twice upon unsuccessful extension parsing. r=wtc
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -1496,18 +1496,16 @@ ssl3_HandleRenegotiationInfoXtn(sslSocke
if (ss->firstHsDone) {
len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
: ss->ssl3.hs.finishedBytes * 2;
}
if (data->len != 1 + len ||
data->data[0] != len || (len &&
NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
data->data + 1, len))) {
- /* Can we do this here? Or, must we arrange for the caller to do it? */
- (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
return SECFailure;
}
/* remember that we got this extension and it was correct. */
ss->peerRequestedProtection = 1;
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
if (ss->sec.isServer) {
/* prepare to send back the appropriate response */
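Review bot: The mismatch branch now returns SECFailure without sending any alert, so the peer gets a fatal handshake_failure only if every caller of ssl3_HandleRenegotiationInfoXtn sends one on failure. The commit title implies the caller already does, but the caller is not visible in this hunk, and the removed comment was the only place the question was recorded. I would replace it with a comment above the `PORT_SetError` call that states the contract, for example `/* No alert here: the caller sends the fatal handshake_failure alert when this handler returns SECFailure. */`. That makes it harder for a later call site to drop the alert silently on a failed renegotiation_info check. The function body starts and ends outside the hunk.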