From: Martin Willi <martin@revosec.ch>
Date: Fri, 30 Dec 2011 17:29:55 +0000 (+0100)
Subject: Check for cipherspec changes after each handshake message
X-Git-Tag: 4.6.2~68
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=703c0db894908fb20cada344b8b44a40f9e35818;p=thirdparty%2Fstrongswan.git

Check for cipherspec changes after each handshake message
---

diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c
index 0c3da71ad7..62e36aaec7 100644
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@@ -325,8 +325,12 @@ static status_t build_handshake(private_tls_fragmentation_t *this)
 				msg->write_data24(msg, hs->get_buf(hs));
 				DBG2(DBG_TLS, "sending TLS %N handshake (%u bytes)",
 					 tls_handshake_type_names, type, hs->get_buf(hs).len);
-				hs->destroy(hs);
-				continue;
+				if (!this->handshake->cipherspec_changed(this->handshake, FALSE))
+				{
+					hs->destroy(hs);
+					continue;
+				}
+				/* FALL */
 			case INVALID_STATE:
 				this->output_type = TLS_HANDSHAKE;
 				this->output = chunk_clone(msg->get_buf(msg));