diff options
author | Fedor Indutny <fedor@indutny.com> | 2016-03-11 17:44:01 +0300 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-03-27 23:58:50 +0200 |
commit | ccae4a1582efcad311d095a8e6832b2b67d5ed05 (patch) | |
tree | a07c60e09166c40dcd6142f4c37888cb570f6ef1 /ssl/ssl_locl.h | |
parent | ce84456ddf4e57c18a84858755b8b90c183a270e (diff) |
Allow different protocol version when trying to reuse a session
We now send the highest supported version by the client, even if the session
uses an older version.
This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
stuck trying to reuse the old version while both sides support a newer
version
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
GH: #852, MR: #2452
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r-- | ssl/ssl_locl.h | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 64f4ae9373..4a2b52d19e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -542,7 +542,6 @@ struct ssl_method_st { int (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method) (int version); long (*get_timeout) (void); const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version) (void); @@ -1761,7 +1760,7 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; #define SSL_METHOD_NO_SUITEB (1U<<1) # define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, s_get_meth, enc_data) \ + s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1789,7 +1788,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ tls1_default_timeout, \ &enc_data, \ ssl_undefined_void_function, \ @@ -1799,7 +1797,7 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1827,7 +1825,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ ssl3_default_timeout, \ &SSLv3_enc_data, \ ssl_undefined_void_function, \ @@ -1838,7 +1835,7 @@ const SSL_METHOD *func_name(void) \ } # define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, s_get_meth, enc_data) \ + s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1866,7 +1863,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ dtls1_default_timeout, \ &enc_data, \ ssl_undefined_void_function, \ @@ -1996,6 +1992,8 @@ __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); +__owur int ssl_version_supported(const SSL *s, int version); + __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); |