- /* we must look at client_version inside the client hello: */
- n=ssl23_read_bytes(s,11);
- /* restarts are no problem here, stay in initial state */
- if (n != 11)
- return(n); /* n == -1 || n == 0 */
-
- v[0]=p[9]; v[1]=p[10];
- if (p[2] >= TLS1_VERSION_MINOR)
+ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+ /* We must look at client_version inside the Client Hello message
+ * to get the correct minor version.
+ * However if we have only a pathologically small fragment of the
+ * Client Hello message, this would be difficult, we'd have
+ * to read at least one additional record to find out.
+ * This doesn't usually happen in real life, so we just complain
+ * for now.
+ */
+ if (p[3] == 0 && p[4] < 6)
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+ goto err;
+ }
+ v[1]=p[10]; /* minor version according to client_version */
+ if (v[1] >= TLS1_VERSION_MINOR)