authorMatt Caswell <matt@openssl.org>2024-01-18 12:07:27 +0000
committerMatt Caswell <matt@openssl.org>2024-01-31 10:10:55 +0000
commita86714041d8a5868c629e9027e28c6d1dacde5f9 (patch)
tree96df4a5229e47f62f722af3e75621492dd9761a0
parent5fb065589d3a4dfeeb6d48b0561ab3145ceb2127 (diff)
When selecting a method ensure we use the correct client/server version
Using the client one when the server one should be used could cause a later call to SSL_set_accept_state() to unexpectedly fail. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23256)
-rw-r--r--ssl/statem/statem_lib.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index b16864606b..7ef74b1f69 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1977,14 +1977,17 @@ int ssl_version_supported(const SSL_CONNECTION *s, int version,
for (vent = table;
vent->version != 0 && ssl_version_cmp(s, version, vent->version) <= 0;
++vent) {
- if (vent->cmeth != NULL
+ const SSL_METHOD *(*thismeth)(void) = s->server ? vent->smeth
+ : vent->cmeth;
+
+ if (thismeth != NULL
&& ssl_version_cmp(s, version, vent->version) == 0
- && ssl_method_error(s, vent->cmeth()) == 0
+ && ssl_method_error(s, thismeth()) == 0
&& (!s->server
|| version != TLS1_3_VERSION
|| is_tls13_capable(s))) {
if (meth != NULL)
- *meth = vent->cmeth();
+ *meth = thismeth();
return 1;
}
}
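Review bot: The role-based choice between `vent->smeth` and `vent->cmeth` at the top of the loop body carries no comment, so the reason it matters can only be recovered from the commit message; I would add `/* Use the method for our current role: handing back a client method on a server connection can make a later SSL_set_accept_state() fail */` above the `thismeth` declaration. The diffstat shows only statem_lib.c changing, so nothing in this commit exercises the failure it describes, and a regression test covering a server-side connection that goes on to call SSL_set_accept_state() would keep the role mix-up from coming back. As a minor style point, `thismeth()` is invoked once for `ssl_method_error()` and again for `*meth`; this mirrors the old code, but a local holding the result would make it plain that both uses see the same method. The body of ssl_version_supported() starts before and continues after this hunk, so how `s->server` is established before this loop is not visible here.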