diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-11 13:37:52 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-11 13:37:52 +0000 |
| commit | 9472baae0d17ddf425f891a3154057356217af08 (patch) | |
| tree | 8ceed735328184e381c811fe0913264f1327fea1 /ssl/s23_srvr.c | |
| parent | ae17b9ecd5d243c93b071c6be309b4f230a1aa52 (diff) | |
Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
Diffstat (limited to 'ssl/s23_srvr.c')
| -rw-r--r-- | ssl/s23_srvr.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 390b99bf56..b21c57a117 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -130,6 +130,8 @@ static const SSL_METHOD *ssl23_get_server_method(int ver) return(TLSv1_server_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_server_method()); + else if (ver == TLS1_2_VERSION) + return(TLSv1_2_server_method()); else return(NULL); } @@ -285,10 +287,17 @@ int ssl23_get_client_hello(SSL *s) /* SSLv3/TLSv1 */ if (p[4] >= TLS1_VERSION_MINOR) { - if (p[4] >= TLS1_1_VERSION_MINOR && + if (p[4] >= TLS1_2_VERSION_MINOR && + !(s->options & SSL_OP_NO_TLSv1_2)) + { + s->version=TLS1_2_VERSION; + s->state=SSL23_ST_SR_CLNT_HELLO_B; + } + else if (p[4] >= TLS1_1_VERSION_MINOR && !(s->options & SSL_OP_NO_TLSv1_1)) { s->version=TLS1_1_VERSION; + /* type=2; */ /* done later to survive restarts */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } else if (!(s->options & SSL_OP_NO_TLSv1)) @@ -358,7 +367,13 @@ int ssl23_get_client_hello(SSL *s) v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { - if (v[1] >= TLS1_1_VERSION_MINOR && + if (v[1] >= TLS1_2_VERSION_MINOR && + !(s->options & SSL_OP_NO_TLSv1_2)) + { + s->version=TLS1_2_VERSION; + type=3; + } + else if (v[1] >= TLS1_1_VERSION_MINOR && !(s->options & SSL_OP_NO_TLSv1_1)) { s->version=TLS1_1_VERSION; @@ -581,8 +596,9 @@ int ssl23_get_client_hello(SSL *s) s->s3->rbuf.left=0; s->s3->rbuf.offset=0; } - - if (s->version == TLS1_1_VERSION) + if (s->version == TLS1_2_VERSION) + s->method = TLSv1_2_server_method(); + else if (s->version == TLS1_1_VERSION) s->method = TLSv1_1_server_method(); else if (s->version == TLS1_VERSION) s->method = TLSv1_server_method(); |