diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 13:15:38 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 13:15:38 +0000 |
| commit | 7a014dceb61236803270f5c6022b82a2c656e0a1 (patch) | |
| tree | 9b5ee21cc9be0f68ab0d003aaa42a81244e3340e /ssl/s3_clnt.c | |
| parent | 1ff44a99a40567eec99efbc6059872e7912a89b9 (diff) | |
Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
Diffstat (limited to 'ssl/s3_clnt.c')
| -rw-r--r-- | ssl/s3_clnt.c | 19 |
1 files changed, 3 insertions, 16 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d738afbff4..9232daf6ba 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -144,9 +144,6 @@ static SSL_METHOD *ssl3_get_client_method(int ver); static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); -#ifndef OPENSSL_NO_TLSEXT -static int ssl3_check_finished(SSL *s); -#endif #ifndef OPENSSL_NO_ECDH static int curve_id2nid(int curve_id); @@ -861,7 +858,7 @@ int ssl3_get_server_hello(SSL *s) #endif #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ - if (s->version > SSL3_VERSION && s->version != DTLS1_VERSION && s->version != DTLS1_BAD_VER) + if (s->version >= SSL3_VERSION) { if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) { @@ -875,17 +872,6 @@ int ssl3_get_server_hello(SSL *s) goto err; } } - - /* DTLS extensions */ - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) - { - if (!ssl_parse_serverhello_dtlsext(s,&p,d,n, &al)) - { - /* 'al' set by ssl_parse_serverhello_dtlsext */ - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); - goto f_err; - } - } #endif @@ -1732,6 +1718,7 @@ int ssl3_get_new_session_ticket(SSL *s) SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); goto f_err; } + p=d=(unsigned char *)s->init_msg; n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); @@ -2735,7 +2722,7 @@ static int curve_id2nid(int curve_id) */ #ifndef OPENSSL_NO_TLSEXT -static int ssl3_check_finished(SSL *s) +int ssl3_check_finished(SSL *s) { int ok; long n; |