authorDr. Stephen Henson <steve@openssl.org>2011-05-25 11:43:17 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-05-25 11:43:17 +0000
commit277f8a34f4041fb9e7b00e998e079d7fecd075a9 (patch)
tree616e616fb31ecca3eb5ebbcfeec81a50b2f4410d /ssl/s3_clnt.c
parent4dde470865ae2421e4ebd55e936ddb25238608a2 (diff)
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
Diffstat (limited to 'ssl/s3_clnt.c')
-rw-r--r--ssl/s3_clnt.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index fd131a6df8..2f4b57e096 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -910,7 +910,7 @@ int ssl3_get_server_hello(SSL *s)
/* Don't digest cached records if TLS v1.2: we may need them for
* client authentication.
*/
- if (s->version < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
+ if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
goto f_err;
/* lets get the compression algorithm */
/* COMPRESSION */
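Review bot: The reason DTLS now takes the pre-TLS-1.2 branch is not visible at this call site. As I understand the macro in tls1.h, `TLS1_get_version(s)` evaluates to 0 when the major version byte is not the TLS one, so a DTLS connection compares as lower than `TLS1_2_VERSION`; a short comment would record that, e.g. `/* TLS1_get_version() is 0 for DTLS, so DTLS takes the pre-TLS 1.2 path */`. The same applies to the checks changed in ssl3_get_key_exchange, ssl3_get_certificate_request and ssl3_send_client_verify. If a later DTLS version is meant to use the TLS 1.2 handshake rules, these sites would presumably all need revisiting, which is another reason to document the assumption. The body of ssl3_get_server_hello continues outside the hunk.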
@@ -1641,7 +1641,7 @@ int ssl3_get_key_exchange(SSL *s)
/* if it was signed, check the signature */
if (pkey != NULL)
{
- if (s->version >= TLS1_2_VERSION)
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
int sigalg = tls12_get_sigid(pkey);
/* Should never happen */
@@ -1686,7 +1686,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
}
#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA && s->version < TLS1_2_VERSION)
+ if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION)
{
int num;
@@ -1846,8 +1846,7 @@ int ssl3_get_certificate_request(SSL *s)
for (i=0; i<ctype_num; i++)
s->s3->tmp.ctype[i]= p[i];
p+=ctype_num;
- /* HACK! For now just skip over signatature algorithms */
- if (s->version >= TLS1_2_VERSION)
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
n2s(p, llen);
/* Check we have enough room for signature algorithms and
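Review bot: `n2s(p, llen)` reads two bytes of the peer's CertificateRequest before the room check announced by the comment that follows it, and nothing in the hunk shows that `p + 2` has already been bounded against the message length. If no earlier check covers it (the start of ssl3_get_certificate_request is outside the hunk), a truncated message would be read past its end; a guard before the read that compares the bytes consumed so far plus 2 against the message length would close that. The deleted "HACK!" comment was also the only label on this block, so a replacement such as `/* TLS v1.2: signature algorithms list follows the certificate types */` would keep the parse readable.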
@@ -2868,7 +2867,7 @@ int ssl3_send_client_verify(SSL *s)
EVP_PKEY_sign_init(pctx);
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
{
- if (s->version < TLS1_2_VERSION)
+ if (TLS1_get_version(s) < TLS1_2_VERSION)
s->method->ssl3_enc->cert_verify_mac(s,
NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
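Review bot: The return value of `EVP_PKEY_sign_init(pctx)` on the first context line is discarded, so a failed initialisation goes unnoticed until the later calls on `pctx`. Since the commit already touches this branch, it would be worth checking it, `if (EVP_PKEY_sign_init(pctx) <= 0)` followed by the function's existing error exit. The unbraced `if (TLS1_get_version(s) < TLS1_2_VERSION)` guarding the three-line `cert_verify_mac` call would also be safer with braces. ssl3_send_client_verify starts and ends outside the hunk.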
@@ -2880,7 +2879,7 @@ int ssl3_send_client_verify(SSL *s)
/* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
- if (s->version >= TLS1_2_VERSION)
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
long hdatalen = 0;
void *hdata;