kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use have_version in clamping TLS record-layer version to 1.0.

Browse Source 
Match the DTLS code. Rather than sniffing the handshake state, use the
have_version bit.

Change-Id: I40e92f187647417c34b4cfdc3ad258f5562e781b
Reviewed-on: https://boringssl-review.googlesource.com/2588
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-12-13 01:33:12 -05:00 committed by Adam Langley
parent accb454e44
commit 1f48fba861
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ssl/s3_pkt.c
View File

@ -736,16 +736,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
*(p++)=type&0xff;
wr->type=type;
*(p++)=(s->version>>8);
/* Some servers hang if iniatial client hello is larger than 256
* bytes and record version number > TLS 1.0
*/
if (s->state == SSL3_ST_CW_CLNT_HELLO_B
&& !s->renegotiate
&& TLS1_get_version(s) > TLS1_VERSION)
*(p++) = 0x1;
/* Some servers hang if initial ClientHello is larger than 256
* bytes and record version number > TLS 1.0. */
if (!s->s3->have_version && s->version > SSL3_VERSION)
{
*(p++) = TLS1_VERSION >> 8;
*(p++) = TLS1_VERSION & 0xff;
}
else
*(p++)=s->version&0xff;
{
*(p++) = s->version >> 8;
*(p++) = s->version & 0xff;
}
/* field where we are to write out packet length */
plen=p;