diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-24 18:17:00 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-01-02 15:05:44 +0000 |
| commit | b77b58a398c8b9b4113f3fb6b48e162a3b8d4527 (patch) | |
| tree | d9b6f28c6763e40f396e40ed35587bdf2e76c162 /ssl/s3_pkt.c | |
| parent | f6dfbeed3c82e3bfc9cda2f4cd80f1e1b5515ba9 (diff) | |
| download | openssl-b77b58a398c8b9b4113f3fb6b48e162a3b8d4527.tar.gz | |
Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.
Thanks to Marek Majkowski for additional analysis of this issue.
PR#3191
Diffstat (limited to 'ssl/s3_pkt.c')
| -rw-r--r-- | ssl/s3_pkt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a6fd3bf12e..c3a061dac0 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -348,7 +348,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - if ((s->version & 0xFF00) == (version & 0xFF00)) + if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) /* Send back error using their minor version number :-) */ s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; |