Check for cipherspec changes after each handshake message

author: Martin Willi <martin@revosec.ch> 2011-12-30 18:29:55 +0100
committer: Martin Willi <martin@revosec.ch> 2011-12-31 13:14:49 +0100
commit: 703c0db894908fb20cada344b8b44a40f9e35818 (patch)
tree: d15758e564f1c5e781c63275142a2e74249a3470 /src/libtls/tls_fragmentation.c
parent: 4caa380625e583c9bad5b9333e65ef1f9486bb2a (diff)
download: strongswan-703c0db894908fb20cada344b8b44a40f9e35818.tar.bz2
strongswan-703c0db894908fb20cada344b8b44a40f9e35818.tar.xz
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c
index 0c3da71ad..62e36aaec 100644
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@@ -325,8 +325,12 @@ static status_t build_handshake(private_tls_fragmentation_t *this)
 				msg->write_data24(msg, hs->get_buf(hs));
 				DBG2(DBG_TLS, "sending TLS %N handshake (%u bytes)",
 					 tls_handshake_type_names, type, hs->get_buf(hs).len);
-				hs->destroy(hs);
-				continue;
+				if (!this->handshake->cipherspec_changed(this->handshake, FALSE))
+				{
+					hs->destroy(hs);
+					continue;
+				}
+				/* FALL */
 			case INVALID_STATE:
 				this->output_type = TLS_HANDSHAKE;
 				this->output = chunk_clone(msg->get_buf(msg));
author	Martin Willi <martin@revosec.ch>	2011-12-30 18:29:55 +0100
committer	Martin Willi <martin@revosec.ch>	2011-12-31 13:14:49 +0100
commit	703c0db894908fb20cada344b8b44a40f9e35818 (patch)
tree	d15758e564f1c5e781c63275142a2e74249a3470 /src/libtls/tls_fragmentation.c
parent	4caa380625e583c9bad5b9333e65ef1f9486bb2a (diff)
download	strongswan-703c0db894908fb20cada344b8b44a40f9e35818.tar.bz2 strongswan-703c0db894908fb20cada344b8b44a40f9e35818.tar.xz