Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:

server accepts even non-compliant encoding in order to enable interop with pre-0.9.8f clients.
author: Andy Polyakov <appro@openssl.org> 2007-09-30 18:55:59 +0000
committer: Andy Polyakov <appro@openssl.org> 2007-09-30 18:55:59 +0000
commit: c4b0d7879e01ac80db21501d69718c1ff62bbd77 (patch)
tree: 83b0b2813e9ed7f8d625213fdaf9793bb5621791 /ssl/s3_srvr.c
parent: aab1ec3f36364c9fbd3a8b24779cd8fe6d5d57eb (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8332c65be8..6dba5c1977 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -714,7 +714,8 @@ int ssl3_get_client_hello(SSL *s)
 	s->client_version=(((int)p[0])<<8)|(int)p[1];
 	p+=2;
 
-	if (s->client_version < s->version)
+	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+	    (s->version != DTLS1_VERSION && s->client_version < s->version))
 		{
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
 		if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
@@ -765,7 +766,7 @@ int ssl3_get_client_hello(SSL *s)
 
 	p+=j;
 
-	if (SSL_version(s) == DTLS1_VERSION)
+	if (s->version == DTLS1_VERSION)
 		{
 		/* cookie stuff */
 		cookie_len = *(p++);
@@ -1748,8 +1749,9 @@ int ssl3_get_client_key_exchange(SSL *s)
 			rsa=pkey->pkey.rsa;
 			}
 
-		/* TLS */
-		if (s->version > SSL3_VERSION)
+		/* TLS and [incidentally] DTLS, including pre-0.9.8f */
+		if (s->version > SSL3_VERSION &&
+		    s->client_version != DTLS1_BAD_VER)
 			{
 			n2s(p,i);
 			if (n != i+2)
author	Andy Polyakov <appro@openssl.org>	2007-09-30 18:55:59 +0000
committer	Andy Polyakov <appro@openssl.org>	2007-09-30 18:55:59 +0000
commit	c4b0d7879e01ac80db21501d69718c1ff62bbd77 (patch)
tree	83b0b2813e9ed7f8d625213fdaf9793bb5621791 /ssl/s3_srvr.c
parent	aab1ec3f36364c9fbd3a8b24779cd8fe6d5d57eb (diff)