From ccae4a1582efcad311d095a8e6832b2b67d5ed05 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Fri, 11 Mar 2016 17:44:01 +0300 Subject: Allow different protocol version when trying to reuse a session We now send the highest supported version by the client, even if the session uses an older version. This fixes 2 problems: - When you try to reuse a session but the other side doesn't reuse it and uses a different protocol version the connection will fail. - When you're trying to reuse a session with an old version you might be stuck trying to reuse the old version while both sides support a newer version Signed-off-by: Kurt Roeckx Reviewed-by: Viktor Dukhovni GH: #852, MR: #2452 --- ssl/ssl_locl.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'ssl/ssl_locl.h') diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 64f4ae9373..4a2b52d19e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -542,7 +542,6 @@ struct ssl_method_st { int (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method) (int version); long (*get_timeout) (void); const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version) (void); @@ -1761,7 +1760,7 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; #define SSL_METHOD_NO_SUITEB (1U<<1) # define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, s_get_meth, enc_data) \ + s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1789,7 +1788,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ tls1_default_timeout, \ &enc_data, \ ssl_undefined_void_function, \ @@ -1799,7 +1797,7 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1827,7 +1825,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ ssl3_default_timeout, \ &SSLv3_enc_data, \ ssl_undefined_void_function, \ @@ -1838,7 +1835,7 @@ const SSL_METHOD *func_name(void) \ } # define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, s_get_meth, enc_data) \ + s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1866,7 +1863,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ dtls1_default_timeout, \ &enc_data, \ ssl_undefined_void_function, \ @@ -1996,6 +1992,8 @@ __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); +__owur int ssl_version_supported(const SSL *s, int version); + __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); -- cgit v1.2.3