0.9.8 version of PR#1931 fix.

[oweals/openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 5cd00f850e31e144eb71d227499f53c96854f43c..ba06e7ae2eb93c1a1fff14a3dd05549785d365b5 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -140,7 +140,7 @@ IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
 int ssl23_accept(SSL *s)
        {
        BUF_MEM *buf;
-       unsigned long Time=time(NULL);
+       unsigned long Time=(unsigned long)time(NULL);
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state;
@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
                        }
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (s->version < TLS1_VERSION))
+               {
+               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               goto err;
+               }
+#endif
+
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
                /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -565,7 +574,6 @@ int ssl23_get_client_hello(SSL *s)
        s->init_num=0;
 
        if (buf != buf_space) OPENSSL_free(buf);
-       s->first_packet=1;
        return(SSL_accept(s));
 err:
        if (buf != buf_space) OPENSSL_free(buf);