From 703c0db894908fb20cada344b8b44a40f9e35818 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 30 Dec 2011 18:29:55 +0100
Subject: Check for cipherspec changes after each handshake message

---
 src/libtls/tls_fragmentation.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/libtls/tls_fragmentation.c')

diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c
index 0c3da71ad..62e36aaec 100644
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@@ -325,8 +325,12 @@ static status_t build_handshake(private_tls_fragmentation_t *this)
 				msg->write_data24(msg, hs->get_buf(hs));
 				DBG2(DBG_TLS, "sending TLS %N handshake (%u bytes)",
 					 tls_handshake_type_names, type, hs->get_buf(hs).len);
-				hs->destroy(hs);
-				continue;
+				if (!this->handshake->cipherspec_changed(this->handshake, FALSE))
+				{
+					hs->destroy(hs);
+					continue;
+				}
+				/* FALL */
 			case INVALID_STATE:
 				this->output_type = TLS_HANDSHAKE;
 				this->output = chunk_clone(msg->get_buf(msg));
-- 
cgit v1.2.3