From fff7faf1917867f66227260f1ff89df2ee8edf68 Mon Sep 17 00:00:00 2001
From: Martin Nilsson <nilsson@opera.com>
Date: Tue, 31 Mar 2015 19:05:16 +0200
Subject: [PATCH] Don't process any more handshake packages once handshake is
 completed.

---
 lib/modules/SSL.pmod/Connection.pike | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/modules/SSL.pmod/Connection.pike b/lib/modules/SSL.pmod/Connection.pike
index 93e48e45ee..e04146c2a3 100644
--- a/lib/modules/SSL.pmod/Connection.pike
+++ b/lib/modules/SSL.pmod/Connection.pike
@@ -901,6 +901,19 @@ string(8bit)|int got_data(string(8bit) data)
 	     return err;
 	   if (err > 0) {
 	     state &= ~CONNECTION_handshaking;
+             if( expect_change_cipher && sizeof(handshake_buffer) )
+             {
+               send_packet(alert(ALERT_fatal, ALERT_unexpected_message,
+                                 "Extraneous handshake packets.\n"));
+               return -1;
+             }
+             if( !secure_renegotiation && sizeof(handshake_buffer) )
+             {
+               send_packet(alert(ALERT_fatal, ALERT_no_renegotiation,
+                                 "Renegotiation not supported in unsecure "
+                                 "mode.\n"));
+               return -1;
+             }
 	   }
 	 }
 	 break;
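Review bot: The second added check sends `ALERT_no_renegotiation` at `ALERT_fatal` level, but RFC 5246 (section 7.2.2) defines no_renegotiation as always a warning, and the condition only tests `sizeof(handshake_buffer)` without checking that the leftover bytes are a renegotiation attempt at all. Since the connection is refused here anyway (`return -1`), reusing the fatal alert from the first check would match the spec, e.g. `send_packet(alert(ALERT_fatal, ALERT_unexpected_message, "Handshake data after completed handshake.\n"));`. Both checks would also benefit from a comment stating the invariant, such as `// Handshake data still buffered when the handshake completes must not be carried across the cipher change or treated as an implicit renegotiation.`. The added lines are indented with spaces while the surrounding context uses tabs, and `got_data` starts and ends outside the hunk, so whether the connection is also marked closed and `handshake_buffer` discarded after `return -1` cannot be confirmed from here.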
-- 
GitLab