projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
PR: 1829
[oweals/openssl.git]
/
ssl
/
s23_clnt.c
diff --git
a/ssl/s23_clnt.c
b/ssl/s23_clnt.c
index a596e7b2ec9843ed18eb8fc9a507d2e7452f0611..bc918170e10261b1ab990d1a544f251e93851b40 100644
(file)
--- a/
ssl/s23_clnt.c
+++ b/
ssl/s23_clnt.c
@@
-230,6
+230,8
@@
static int ssl23_client_hello(SSL *s)
if (s->tlsext_hostname != NULL)
ssl2_compat = 0;
if (s->tlsext_hostname != NULL)
ssl2_compat = 0;
+ if (s->tlsext_status_type != -1)
+ ssl2_compat = 0;
}
#endif
}
#endif
@@
-255,6
+257,14
@@
static int ssl23_client_hello(SSL *s)
version_major = TLS1_VERSION_MAJOR;
version_minor = TLS1_VERSION_MINOR;
}
version_major = TLS1_VERSION_MAJOR;
version_minor = TLS1_VERSION_MINOR;
}
+#ifdef OPENSSL_FIPS
+ else if(FIPS_mode())
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return -1;
+ }
+#endif
else if (version == SSL3_VERSION)
{
version_major = SSL3_VERSION_MAJOR;
else if (version == SSL3_VERSION)
{
version_major = SSL3_VERSION_MAJOR;
@@
-534,6
+544,14
@@
static int ssl23_get_server_hello(SSL *s)
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ goto err;
+ }
+#endif
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}