Address feedback on SSLv2 ClientHello processing

Feedback on the previous SSLv2 ClientHello processing fix was that it breaks layering by reading init_num in the record layer. It also does not detect if there was a previous non-fatal warning. This is an alternative approach that directly tracks in the record layer whether this is the first record. GitHub Issue #1298 Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-08-01 17:15:13 +0100
committer: Matt Caswell <matt@openssl.org> 2016-08-15 23:14:30 +0100
commit: 44efb88a21d464dba3ac5084c8d4553d696fab33 (patch)
tree: 35bda8b646b39ccc7d1916a5ee7c66777afba44b /ssl/record/record.h
parent: c35d339d98f969aa88b75124389ba86344eb7e2a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/record/record.h b/ssl/record/record.h
index 9177fb4be5..ce60a1508f 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -199,6 +199,9 @@ typedef struct record_layer_st {
     unsigned char read_sequence[SEQ_NUM_SIZE];
     unsigned char write_sequence[SEQ_NUM_SIZE];
 
+    /* Set to true if this is the first record in a connection */
+    unsigned int is_first_record;
+
     DTLS_RECORD_LAYER *d;
 } RECORD_LAYER;
author	Matt Caswell <matt@openssl.org>	2016-08-01 17:15:13 +0100
committer	Matt Caswell <matt@openssl.org>	2016-08-15 23:14:30 +0100
commit	44efb88a21d464dba3ac5084c8d4553d696fab33 (patch)
tree	35bda8b646b39ccc7d1916a5ee7c66777afba44b /ssl/record/record.h
parent	c35d339d98f969aa88b75124389ba86344eb7e2a (diff)