authorBodo Möller <bodo@openssl.org>2006-11-29 14:44:07 +0000
committerBodo Möller <bodo@openssl.org>2006-11-29 14:44:07 +0000
commit9dc705a2ac604054bf061222cb0672488d4733b3 (patch)
treeeebcc6e6e14670c5907293263b0bb493078d0445
parentea474c567f7172313474ccdfffc51e27119d797f (diff)
fix support for receiving fragmented handshake messages
-rw-r--r--CHANGES7
-rw-r--r--ssl/s23_clnt.c1
-rw-r--r--ssl/s23_srvr.c1
-rw-r--r--ssl/s3_pkt.c6
-rw-r--r--ssl/s3_srvr.c3
5 files changed, 10 insertions, 8 deletions
diff --git a/CHANGES b/CHANGES
index 008f259b0d..3708edcae0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
Changes between 0.9.7l and 0.9.7m [xx XXX xxxx]
+ *) Have SSL/TLS server implementation tolerate "mismatched" record
+ protocol version while receiving ClientHello even if the
+ ClientHello is fragmented. (The server can't insist on the
+ particular protocol version it has chosen before the ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
*) Load error codes if they are not already present instead of using a
static variable. This allows them to be cleanly unloaded and reloaded.
[Steve Henson]
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 86356731ea..601763f4d8 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -608,7 +608,6 @@ static int ssl23_get_server_hello(SSL *s)
if (!ssl_get_new_session(s,0))
goto err;
- s->first_packet=1;
return(SSL_connect(s));
err:
return(-1);
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index b73abc448f..c4eb3276a3 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -592,7 +592,6 @@ int ssl23_get_client_hello(SSL *s)
s->init_num=0;
if (buf != buf_space) OPENSSL_free(buf);
- s->first_packet=1;
return(SSL_accept(s));
err:
if (buf != buf_space) OPENSSL_free(buf);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index cb0b12b400..4476008fec 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -275,11 +275,7 @@ again:
n2s(p,rr->length);
/* Lets check version */
- if (s->first_packet)
- {
- s->first_packet=0;
- }
- else
+ if (!s->first_packet)
{
if (version != s->version)
{
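Review bot: With the self-clearing branch gone, `if (!s->first_packet)` skips the comparison against `s->version` for every record read while the flag is set, not only the first one, so the exemption now lasts as long as a caller leaves the flag raised. The comment `/* Lets check version */` should say so, for example `/* Version check is skipped while first_packet is set; the handshake code sets and clears it around ClientHello. */`. Any code path that sets the flag and returns without clearing it would leave the record version unchecked for later records on that connection. The enclosing function starts and ends outside this hunk, so any other version checks that follow are not visible here.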
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 98d0a075e5..28519e584d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -662,9 +662,9 @@ static int ssl3_get_client_hello(SSL *s)
*/
if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
{
- s->first_packet=1;
s->state=SSL3_ST_SR_CLNT_HELLO_B;
}
+ s->first_packet=1;
n=ssl3_get_message(s,
SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C,
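Review bot: `s->first_packet=1;` now runs on every entry to ssl3_get_client_hello, and the matching `s->first_packet=0;` in the next hunk is reached only after `if (!ok) return((int)n);`, so the flag stays set on every early return. That is needed for a retry in the middle of a fragmented ClientHello, but it appears to hold for failed reads too, and s3_pkt.c no longer clears the flag itself. A comment at the assignment would make the intended lifetime explicit: `/* keep first_packet set until the whole ClientHello is in, so fragments with a differing record version are accepted */`. The function body starts before and continues past both hunks.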
@@ -673,6 +673,7 @@ static int ssl3_get_client_hello(SSL *s)
&ok);
if (!ok) return((int)n);
+ s->first_packet=0;
d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header