Prevent SSL downgrade during redirect

warmcat · Feb 23, 2017 · 2e1dcc5 · 2e1dcc5
1 parent 3db9eca
commit 2e1dcc5
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/client.c b/lib/client.c
@@ -521,6 +521,13 @@ lws_client_interpret_server_handshake(struct lws *wsi)
 			}
 		}
 
+#ifdef LWS_OPENSSL_SUPPORT
+		if (wsi->use_ssl && !ssl) {
+			cce = "HS: Redirect attempted SSL downgrade";
+			goto bail3;
+		}
+#endif
+
 		if (!lws_client_reset(&wsi, ssl, ads, port, path, ads)) {
 			/* there are two ways to fail out with NULL return...
 			 * simple, early problem where the wsi is intact, or