Support TLS_FALLBACK_SCSV.

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Bodo Moeller <bodo@openssl.org> 2014-10-15 04:05:42 +0200
committer: Bodo Moeller <bodo@openssl.org> 2014-10-15 04:05:42 +0200
commit: 6bfe55380abbf7528e04e59f18921bd6c896af1c (patch)
tree: 1398d8e3eba72f8d5e50bd0eef8ec030422a15c0 /ssl/d1_lib.c
parent: 4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6bde16fa21..82ca653920 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
 	case DTLS_CTRL_LISTEN:
 		ret = dtls1_listen(s, parg);
 		break;
+	case SSL_CTRL_CHECK_PROTO_VERSION:
+		/* For library-internal use; checks that the current protocol
+		 * is the highest enabled version (according to s->ctx->method,
+		 * as version negotiation may have changed s->method). */
+#if DTLS_MAX_VERSION != DTLS1_VERSION
+#  error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
+#endif
+		/* Just one protocol version is supported so far;
+		 * fail closed if the version is not as expected. */
+		return s->version == DTLS_MAX_VERSION;
 
 	default:
 		ret = ssl3_ctrl(s, cmd, larg, parg);
author	Bodo Moeller <bodo@openssl.org>	2014-10-15 04:05:42 +0200
committer	Bodo Moeller <bodo@openssl.org>	2014-10-15 04:05:42 +0200
commit	6bfe55380abbf7528e04e59f18921bd6c896af1c (patch)
tree	1398d8e3eba72f8d5e50bd0eef8ec030422a15c0 /ssl/d1_lib.c
parent	4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4 (diff)