TLS: Don't check CCS status for hello_request
1 files changed, 14 insertions, 15 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 72151d414..bbb76d53c 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -391,31 +391,30 @@ namespace Org.BouncyCastle.Crypto.Tls
if (queue.Available < totalLength)
break;
- CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished);
-
/*
* RFC 2246 7.4.9. The value handshake_messages includes all handshake messages
* starting at client hello up to, but not including, this finished message.
* [..] Note: [Also,] Hello Request messages are omitted from handshake hashes.
*/
- switch (type)
- {
- case HandshakeType.hello_request:
- break;
- case HandshakeType.finished:
- default:
+ if (HandshakeType.hello_request != type)
{
- TlsContext ctx = Context;
- if (type == HandshakeType.finished
- && this.mExpectedVerifyData == null
- && ctx.SecurityParameters.MasterSecret != null)
+ if (HandshakeType.finished == type)
{
- this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer);
+ CheckReceivedChangeCipherSpec(true);
+
+ TlsContext ctx = Context;
+ if (this.mExpectedVerifyData == null
+ && ctx.SecurityParameters.MasterSecret != null)
+ {
+ this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer);
+ }
+ }
+ else
+ {
+ CheckReceivedChangeCipherSpec(mConnectionState == CS_END);
}
queue.CopyTo(mRecordStream.HandshakeHashUpdater, totalLength);
- break;
- }
}
queue.RemoveData(4);
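Review bot: The new `if (HandshakeType.hello_request != type)` guard exempts hello_request from `CheckReceivedChangeCipherSpec` in every connection state, but the only comment above it (the RFC 2246 7.4.9 quote) explains the handshake-hash omission, not the CCS exemption. That call appears to be what ties handshake messages to the ChangeCipherSpec state, so I would record the reason next to the guard, e.g. `// hello_request is exempt from the CCS-state check as well as from the handshake hash; its handler must validate or ignore it.` With the check skipped, whatever processes hello_request after this block (outside the hunk) is the only place that can reject one arriving in an unexpected state or role. That path deserves a confirming look, plus a regression test that a finished message without a preceding ChangeCipherSpec still fails. The enclosing loop and method start and end outside the hunk.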