79249339a7
CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling
Fix handling of future TLS versions.
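diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver openssl-1.0.0-beta4/ssl/s23_srvr.c
--- openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver 2010-01-12 22:20:15.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2010-01-13 22:02:47.000000000 +0100
@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
 (p[1] == SSL3_VERSION_MAJOR) &&
 (p[5] == SSL3_MT_CLIENT_HELLO) &&
 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] == p[1])))
+ || (p[9] >= p[1])))
 {
 /*
 * SSLv3 or tls1 header
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
 v[1] = TLS1_VERSION_MINOR;
 #endif
 }
+ /* if major version number > 3 set minor to a value
+ * which will use the highest version 3 we support.
+ * If TLS 2.0 ever appears we will need to revise
+ * this....
+ */
+ else if (p[9] > SSL3_VERSION_MAJOR)
+ v[1]=0xff;
 else
 v[1]=p[10]; /* minor version according to client_version */
 if (v[1] >= TLS1_VERSION_MINOR)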
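Review bot: The `v[1]=0xff` assignment in the second hunk is a magic sentinel that is only correct while every later use of `v[1]` is a range comparison such as the `if (v[1] >= TLS1_VERSION_MINOR)` that follows; an equality test, or any use of `v[]` as the version actually negotiated or recorded, would treat 0xff as a real minor version instead of "highest version 3 we support". I would state that dependency in the new comment, e.g. `/* 0xff is a sentinel: it must only be compared with >= below, never stored or sent as a version */`, after checking it against the rest of ssl23_get_client_hello, which continues outside both hunks. As a style point, the first hunk tests `p[9] >= p[1]` while this branch tests against `SSL3_VERSION_MAJOR`; since `p[1] == SSL3_VERSION_MAJOR` is already required three lines earlier, writing `p[9] >= SSL3_VERSION_MAJOR` there would make the two checks read consistently.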