Fix version handling so it can cope with a major version >3.

Although it will be many years before TLS v2.0 or later appears old versions of servers have a habit of hanging around for a considerable time so best if we handle this properly now.
author: Dr. Stephen Henson <steve@openssl.org> 2010-01-13 19:08:02 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-13 19:08:02 +0000
commit: bd5f21a4aea1ffb59f35c1c9ccb6e591fe5b8b88 (patch)
tree: 6cb98e9aa0a9b6838dcde5de54c1c4afbb54e2d9 /ssl/s23_srvr.c
parent: 1b31b5ad560b16e2fe1cad54a755e3e6b5e778a3 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 03efdf74c1..05e4e0b47b 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -323,7 +323,7 @@ int ssl23_get_client_hello(SSL *s)
 			 (p[1] == SSL3_VERSION_MAJOR) &&
 			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
 			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
-				|| (p[9] == p[1])))
+				|| (p[9] >= p[1])))
 			{
 			/*
 			 * SSLv3 or tls1 header
@@ -347,6 +347,13 @@ int ssl23_get_client_hello(SSL *s)
 				v[1] = TLS1_VERSION_MINOR;
 #endif
 				}
+			/* if major version number > 3 set minor to a value
+			 * which will use the highest version 3 we support.
+			 * If TLS 2.0 ever appears we will need to revise
+			 * this....
+			 */
+			else if (p[9] > SSL3_VERSION_MAJOR)
+				v[1]=0xff;
 			else
 				v[1]=p[10]; /* minor version according to client_version */
 			if (v[1] >= TLS1_VERSION_MINOR)
author	Dr. Stephen Henson <steve@openssl.org>	2010-01-13 19:08:02 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-01-13 19:08:02 +0000
commit	bd5f21a4aea1ffb59f35c1c9ccb6e591fe5b8b88 (patch)
tree	6cb98e9aa0a9b6838dcde5de54c1c4afbb54e2d9 /ssl/s23_srvr.c
parent	1b31b5ad560b16e2fe1cad54a755e3e6b5e778a3 (diff)