author | Mark J. Cox <mark@openssl.org> | 1999-02-16 09:22:21 +0000 |
---|---|---|
committer | Mark J. Cox <mark@openssl.org> | 1999-02-16 09:22:21 +0000 |
commit | 413c4f45ed0508d2242638696b7665f499d68265 (patch) | |
tree | 5a5e667f7fc9cb548ab3b24dd02fff78e1b8f282 /ssl/s23_srvr.c | |
parent | a8236c8c322101c273d14c62282f264555e147c4 (diff) |
Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
Diffstat (limited to 'ssl/s23_srvr.c')
-rw-r--r-- | ssl/s23_srvr.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 6c8afeb857..d1f49e5ac3 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -134,6 +134,7 @@ SSL *s;
 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 case SSL_ST_OK|SSL_ST_ACCEPT:
+ s->server=1;
 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 /* s->version=SSL3_VERSION; */
@@ -157,7 +158,7 @@ SSL *s;
 ssl3_init_finished_mac(s);
 s->state=SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->sess_accept++;
+ s->ctx->stats.sess_accept++;
 s->init_num=0;
 break;
@@ -203,8 +204,10 @@ SSL *s;
 unsigned int csl,sil,cl;
 int n=0,j,tls1=0;
 int type=0,use_sslv2_strong=0;
+ int v[2];
 /* read the initial header */
+ v[0]=v[1]=0;
 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
 if (!ssl3_setup_buffers(s)) goto err;
@@ -221,12 +224,14 @@ SSL *s;
 /* SSLv2 header */
 if ((p[3] == 0x00) && (p[4] == 0x02)) {
+ v[0]=p[3]; v[1]=p[4];
 /* SSLv2 */
 if (!(s->options & SSL_OP_NO_SSLv2)) type=1;
 } else if (p[3] == SSL3_VERSION_MAJOR) {
+ v[0]=p[3]; v[1]=p[4];
 /* SSLv3/TLSv1 */
 if (p[4] >= TLS1_VERSION_MINOR) {
@@ -307,6 +312,7 @@ SSL *s;
 (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO)) {
+ v[0]=p[1]; v[1]=p[2];
 /* true SSLv3 or tls1 */
 if (p[2] >= TLS1_VERSION_MINOR) {
@@ -486,6 +492,7 @@ next_bit:
 s->version=SSL3_VERSION;
 s->method=SSLv3_server_method();
 }
+ s->client_version=(v[0]<<8)|v[1];
 s->handshake_func=s->method->ssl_accept;
 } |
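Review bot: `v` is a stack local that is zeroed on every entry (`v[0]=v[1]=0;` in the -203 hunk), and the visible stores to it appear to sit in the header-parsing path that begins with `if (s->state == SSL23_ST_SR_CLNT_HELLO_A)`. If this function can return for more data and be re-entered in a later state (the `next_bit:` label in the -486 hunk suggests a second stage), the final `s->client_version=(v[0]<<8)|v[1];` would store 0, and the premaster-secret version check described in the commit message would compare against the wrong value. Consider writing the proposed version into the SSL structure as soon as it is parsed, or re-reading it from the buffered packet in the later state. The function body starts and ends outside these hunks, so this needs confirming against the full state machine.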
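Review bot: In the -307 hunk, `v[0]=p[1]; v[1]=p[2];` takes the version from what looks like the record header (the same condition reads the message type at `p[5]`), whereas the check in the commit message concerns the version the client proposed in its hello. The two normally agree but are separate fields, so confirm that the SSLv3/TLS handler that takes over sets `s->client_version` again from the ClientHello body. If it does, a comment such as `/* provisional: record-layer version, replaced when the ClientHello body is parsed */` would make that clear. The enclosing condition starts outside the hunk.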
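Review bot: The new assignment `s->client_version=(v[0]<<8)|v[1];` in the -486 hunk has no comment saying why a second version field is kept next to `s->version`. I would add `/* version the client proposed, kept for the RSA premaster secret version check; s->version is what we negotiated */` above it. As far as the hunk shows, the field is set only on this SSLv3/TLS path, so the `v` stores in the SSLv2 branch of the -221 hunk look unused; worth confirming. The enclosing block starts outside the hunk.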