authorMatt Caswell <matt@openssl.org>2017-11-03 16:38:48 +0000
committerMatt Caswell <matt@openssl.org>2017-12-14 15:06:37 +0000
commit88050dd1960bfaba7ede12a3ce1afe40f5deb124 (patch)
tree4f3f8bcce1f05fe4bf2b55068ad2112c7ce88fac /ssl/statem/extensions_srvr.c
parent86b165e39fa94d4eceb9bb1611350b949fea7cc9 (diff)
Update ServerHello to new draft-22 format
The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version field is fixed at TLSv1.2, and the version negotiation happens solely via supported_versions. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'ssl/statem/extensions_srvr.c')
-rw-r--r--ssl/statem/extensions_srvr.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index b07376fe9e..93ac98f116 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1213,6 +1213,27 @@ EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT;
}
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+ unsigned int context, X509 *x,
+ size_t chainidx)
+{
+ if (!SSL_IS_TLS13(s))
+ return EXT_RETURN_NOT_SENT;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+ || !WPACKET_close(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+
+ return EXT_RETURN_SENT;
+}
+
EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
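Review bot: tls_construct_stoc_supported_versions has no header comment, and the point a reader most needs is unstated: per the commit message this extension is now the only place the negotiated version is carried, because the legacy version field is fixed at TLSv1.2. I would add above the function something like `/* Sends the single selected version; with the legacy version field pinned to TLSv1.2 this is the only version signal the client receives */`. The value written is the constant `TLS1_3_VERSION_DRAFT` rather than anything read from the negotiated state on `s`, which holds only while `SSL_IS_TLS13(s)` implies exactly one possible code point, so the TODO should also say that the constant must become the negotiated version once more than one TLSv1.3 value can be selected. The function is complete within the hunk; whether ignoring `context` is safe depends on the extension table entry, which is outside it.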