
Don't change s->version after have_version is set.

Those version checks exist in case a renegotiation tries to change the version,
but at that point we're out of the initial null cipher and should leave the
version fixed.

(On the server end, the code in question was dead after the version negotiation
rewrite anyway.)

Change-Id: I3242ba11bc9981ccf7fdb867176d59846cc49dd9
Reviewed-on: https://boringssl-review.googlesource.com/2605
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 years ago
committed by Adam Langley
parent
commit
ef5885e410
2 changed files with 0 additions and 7 deletions
  1. +0
    -1
      ssl/s3_clnt.c
  2. +0
    -6
      ssl/s3_srvr.c

+ 0
- 1
ssl/s3_clnt.c

@@ -794,7 +794,6 @@ int ssl3_get_server_hello(SSL *s)
else if (server_version != s->version)
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | (server_version & 0xff);
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}


+ 0
- 6
ssl/s3_srvr.c

@@ -1148,12 +1148,6 @@ int ssl3_get_client_hello(SSL *s)
: (s->client_version < s->version))
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
!s->s3->have_version)
{
/* similar to ssl3_get_record, send alert using remote version number */
s->version = s->client_version;
}
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}

