ssl3_get_client_hello: rearrange logic

Move all packet parsing to the beginning of the method. This limits the SSLv2 compatibility soup to the parsing, and makes the rest of the processing uniform. This is also needed for simpler EMS support: EMS servers need to do an early scan for EMS to make resumption decisions. This'll be easier when the entire ClientHello is parsed in the beginning. As a side effect, 1) PACKETize ssl_get_prev_session and tls1_process_ticket; and 2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG. Reviewed-by: Matt Caswell <matt@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2015-09-30 15:33:12 +0200
committer: Emilia Kasper <emilia@openssl.org> 2015-10-05 19:03:52 +0200
commit: b3e2272c59a5720467045e2ae62940fdb708ce76 (patch)
tree: 9d61dfbedf4c9b1f7cf0e52fde863c07f8d9963c /include
parent: 2ff00bdbc4aad268e07df82541ff4a16b1f91fe8 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8fa9363304..4b21d0f2ed 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -359,6 +359,7 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 /* Allow initial connection to servers that don't support RI */
 # define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
 /* Removed from OpenSSL 0.9.8q and 1.0.0c */
+/* Dead forever, see CVE-2010-4180. */
 # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0L
 # define SSL_OP_TLSEXT_PADDING                           0x00000010L
 # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
author	Emilia Kasper <emilia@openssl.org>	2015-09-30 15:33:12 +0200
committer	Emilia Kasper <emilia@openssl.org>	2015-10-05 19:03:52 +0200
commit	b3e2272c59a5720467045e2ae62940fdb708ce76 (patch)
tree	9d61dfbedf4c9b1f7cf0e52fde863c07f8d9963c /include
parent	2ff00bdbc4aad268e07df82541ff4a16b1f91fe8 (diff)