author | Matt Caswell <matt@openssl.org> | 2024-01-18 12:07:27 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-01-31 10:10:55 +0000 |
commit | a86714041d8a5868c629e9027e28c6d1dacde5f9 (patch) | |
tree | 96df4a5229e47f62f722af3e75621492dd9761a0 | |
parent | 5fb065589d3a4dfeeb6d48b0561ab3145ceb2127 (diff) |
When selecting a method ensure we use the correct client/server version
Using the client one when the server one should be used could cause a
later call to SSL_set_accept_state() to unexpectedly fail.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
-rw-r--r-- | ssl/statem/statem_lib.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index b16864606b..7ef74b1f69 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1977,14 +1977,17 @@ int ssl_version_supported(const SSL_CONNECTION *s, int version,
 for (vent = table;
 vent->version != 0 && ssl_version_cmp(s, version, vent->version) <= 0;
 ++vent) {
- if (vent->cmeth != NULL
+ const SSL_METHOD *(*thismeth)(void) = s->server ? vent->smeth
+ : vent->cmeth;
+
+ if (thismeth != NULL
 && ssl_version_cmp(s, version, vent->version) == 0
- && ssl_method_error(s, vent->cmeth()) == 0
+ && ssl_method_error(s, thismeth()) == 0
 && (!s->server
 || version != TLS1_3_VERSION
 || is_tls13_capable(s))) {
 if (meth != NULL)
- *meth = vent->cmeth();
+ *meth = thismeth();
 return 1;
 }
 } |
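Review bot: The `thismeth` declaration added at the top of the loop body has no comment saying why the role matters, and the reason is not visible in the code: the pointer is what ends up in `*meth`, and per the commit message a client method handed back on a server-side connection only surfaces later as a failing SSL_set_accept_state(). I would add above the declaration `/* Select the method for our role: *meth must be a server method when s->server is set */`. The selection also relies on `s->server` already reflecting the final role when ssl_version_supported() runs, which the hunk cannot show, so that is worth confirming for callers that run before the role is fixed. The diffstat lists only statem_lib.c, so unless the pull request adds one elsewhere, a regression test that selects a version on a server-side connection and then calls SSL_set_accept_state() would keep a later cleanup from collapsing this back to `cmeth`. ssl_version_supported() starts and ends outside the hunk.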