projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
For SSLv2, return the SSLv2 method, not the SSLv23 method. This way,
[oweals/openssl.git]
/
ssl
/
s2_srvr.c
diff --git
a/ssl/s2_srvr.c
b/ssl/s2_srvr.c
index af300bab8d2825f451cae52b8c8d4d2c5c5b1002..10de5ec3dbce88c50d1e42e8f087ee0b66e1d868 100644
(file)
--- a/
ssl/s2_srvr.c
+++ b/
ssl/s2_srvr.c
@@
-57,7
+57,7
@@
*/
#include "ssl_locl.h"
*/
#include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef
OPENSSL_
NO_SSL2
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
@@
-450,6
+450,7
@@
static int get_client_hello(SSL *s)
unsigned char *p;
STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
unsigned char *p;
STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+ STACK_OF(SSL_CIPHER) *prio, *allow;
int z;
/* This is a bit of a hack to check for the correct packet
int z;
/* This is a bit of a hack to check for the correct packet
@@
-555,21
+556,37
@@
static int get_client_hello(SSL *s)
&s->session->ciphers);
if (cs == NULL) goto mem_err;
&s->session->ciphers);
if (cs == NULL) goto mem_err;
- cl=
ssl_get_ciphers_by_id
(s);
+ cl=
SSL_get_ciphers
(s);
- for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+ {
+ prio=sk_SSL_CIPHER_dup(cl);
+ if (prio == NULL) goto mem_err;
+ allow = cs;
+ }
+ else
+ {
+ prio = cs;
+ allow = cl;
+ }
+ for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
{
{
- if (sk_SSL_CIPHER_find(
cl,sk_SSL_CIPHER_value(cs
,z)) < 0)
+ if (sk_SSL_CIPHER_find(
allow,sk_SSL_CIPHER_value(prio
,z)) < 0)
{
{
- sk_SSL_CIPHER_delete(
cs
,z);
+ sk_SSL_CIPHER_delete(
prio
,z);
z--;
}
}
z--;
}
}
-
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+ {
+ sk_SSL_CIPHER_free(s->session->ciphers);
+ s->session->ciphers = prio;
+ }
/* s->session->ciphers should now have a list of
* ciphers that are on both the client and server.
* This list is ordered by the order the client sent
/* s->session->ciphers should now have a list of
* ciphers that are on both the client and server.
* This list is ordered by the order the client sent
- * the ciphers.
+ * the ciphers or in the order of the server's preference
+ * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
*/
}
p+=s->s2->tmp.cipher_spec_length;
*/
}
p+=s->s2->tmp.cipher_spec_length;
@@
-689,7
+706,7
@@
static int server_hello(SSL *s)
s->init_off=0;
}
/* SSL2_ST_SEND_SERVER_HELLO_B */
s->init_off=0;
}
/* SSL2_ST_SEND_SERVER_HELLO_B */
- /* If we are using TCP/IP, the performace is bad if we do 2
+ /* If we are using TCP/IP, the performa
n
ce is bad if we do 2
* writes without a read between them. This occurs when
* Session-id reuse is used, so I will put in a buffering module
*/
* writes without a read between them. This occurs when
* Session-id reuse is used, so I will put in a buffering module
*/
@@
-898,7
+915,7
@@
static int request_certificate(SSL *s)
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- buf2=
(unsigned char *)M
alloc((unsigned int)i);
+ buf2=
OPENSSL_m
alloc((unsigned int)i);
if (buf2 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
if (buf2 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@
-907,7
+924,7
@@
static int request_certificate(SSL *s)
p2=buf2;
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
p2=buf2;
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
-
F
ree(buf2);
+
OPENSSL_f
ree(buf2);
pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end;
pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end;
@@
-966,7
+983,7
@@
static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
return(i);
}
SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
return(i);
}
-#else /* !NO_SSL2 */
+#else /* !
OPENSSL_
NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;
# if PEDANTIC
static void *dummy=&dummy;