author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-13 19:08:02 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-13 19:08:02 +0000 |
commit | bd5f21a4aea1ffb59f35c1c9ccb6e591fe5b8b88 (patch) | |
tree | 6cb98e9aa0a9b6838dcde5de54c1c4afbb54e2d9 /ssl/s23_srvr.c | |
parent | 1b31b5ad560b16e2fe1cad54a755e3e6b5e778a3 (diff) | |
download | openssl-bd5f21a4aea1ffb59f35c1c9ccb6e591fe5b8b88.tar.gz |
Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
Diffstat (limited to 'ssl/s23_srvr.c')
-rw-r--r-- | ssl/s23_srvr.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 03efdf74c1..05e4e0b47b 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -323,7 +323,7 @@ int ssl23_get_client_hello(SSL *s)
 (p[1] == SSL3_VERSION_MAJOR) &&
 (p[5] == SSL3_MT_CLIENT_HELLO) &&
 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] == p[1])))
+ || (p[9] >= p[1])))
 {
 /*
 * SSLv3 or tls1 header
@@ -347,6 +347,13 @@ int ssl23_get_client_hello(SSL *s)
 v[1] = TLS1_VERSION_MINOR;
 #endif
 }
+ /* if major version number > 3 set minor to a value
+ * which will use the highest version 3 we support.
+ * If TLS 2.0 ever appears we will need to revise
+ * this....
+ */
+ else if (p[9] > SSL3_VERSION_MAJOR)
+ v[1]=0xff;
 else
 v[1]=p[10]; /* minor version according to client_version */
 if (v[1] >= TLS1_VERSION_MINOR) |
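Review bot: The relaxed test `(p[9] >= p[1])` compares two client-supplied bytes with each other, and it only means "client_version major is at least 3" because `p[1] == SSL3_VERSION_MAJOR` is checked earlier in the same condition. Writing it as `|| (p[9] >= SSL3_VERSION_MAJOR)))` would state the intent directly and match the `p[9] > SSL3_VERSION_MAJOR` test added in the second hunk. A one-line comment such as `/* client_version major may exceed the record-layer major */` would record why equality is no longer required. The `if` starts above the hunk, so the number of bytes available behind `p` is not visible here; presumably at least 11 have been read before `p[9]` and `p[10]` are used, which is worth confirming.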
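Review bot: `v[1]=0xff;` in the new `else if` branch is an unexplained sentinel, and it only has the intended effect because of the `if (v[1] >= TLS1_VERSION_MINOR)` comparison a few lines below. A comment on the assignment itself, for example `v[1]=0xff; /* sentinel: forces the highest supported 3.x minor below */`, or a named constant, would keep the two lines from drifting apart. After this branch `v[]` no longer holds the minor version the client actually sent. If code outside the hunk uses `v[]` for anything other than choosing the protocol, such as recording the client's offered version for later rollback checks, that use should be confirmed against the real `p[9]`/`p[10]` values. The block comment sits between the closing `}` and `else if`, which compiles but is easy to misread as ending the chain; moving it inside the branch would be clearer.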