Don't change s->version after have_version is set.

Those version checks are if renego tried to change the version, but at that
point we're out of the initial null cipher and should leave the version fixed.

(On the server end, the code in question was dead after the version negotiation
rewrite anyway.)

Change-Id: I3242ba11bc9981ccf7fdb867176d59846cc49dd9
Reviewed-on: https://boringssl-review.googlesource.com/2605
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 years ago
committed by Adam Langley
parent
commit
ef5885e410
2 files changed with 0 additions and 7 deletions
  1. ssl/s3_clnt.c (+0, -1)
  2. ssl/s3_srvr.c (+0, -6)

ssl/s3_clnt.c (+0, -1)

@@ -794,7 +794,6 @@ int ssl3_get_server_hello(SSL *s)
else if (server_version != s->version)
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | (server_version & 0xff);
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
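
Review bot: the `else if (server_version != s->version)` branch in ssl3_get_server_hello carries no comment saying why s->version must stay untouched on this error path. The line that assigns it, `s->version = (s->version & 0xff00) | (server_version & 0xff);`, is the one the commit title and the +0/-1 count point to as the deletion, and without a note it is easy to reintroduce. A one-line comment stating that the version is fixed once have_version is set, so the SSL_AD_PROTOCOL_VERSION alert goes out at the already negotiated version, would help. A regression test where a renegotiation ServerHello carries a different version and the resulting alert is checked would cover the same path.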


ssl/s3_srvr.c (+0, -6)

@@ -1148,12 +1148,6 @@ int ssl3_get_client_hello(SSL *s)
: (s->client_version < s->version))
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
!s->s3->have_version)
{
/* similar to ssl3_get_record, send alert using remote version number */
s->version = s->client_version;
}
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
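
Review bot: the dead-code claim for the `!s->s3->have_version` block in ssl3_get_client_hello is not checkable from this hunk, since nothing visible shows that have_version is always set before this version check is reached on the server. Say in the commit message or in a comment where the rewritten version negotiation sets have_version, or add an assertion ahead of the `al = SSL_AD_PROTOCOL_VERSION;` path. It matters because the block picked the version the alert was sent at (`s->version = s->client_version;`), so if the condition can still be true the alert framing changes silently.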

