From 9dc705a2ac604054bf061222cb0672488d4733b3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Wed, 29 Nov 2006 14:44:07 +0000 Subject: [PATCH] fix support for receiving fragmented handshake messages --- CHANGES | 7 +++++++ ssl/s23_clnt.c | 1 - ssl/s23_srvr.c | 1 - ssl/s3_pkt.c | 6 +----- ssl/s3_srvr.c | 3 ++- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 008f259b0d..3708edcae0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7l and 0.9.7m [xx XXX xxxx] + *) Have SSL/TLS server implementation tolerate "mismatched" record + protocol version while receiving ClientHello even if the + ClientHello is fragmented. (The server can't insist on the + particular protocol version it has chosen before the ServerHello + message has informed the client about his choice.) + [Bodo Moeller] + *) Load error codes if they are not already present instead of using a static variable. This allows them to be cleanly unloaded and reloaded. [Steve Henson] diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 86356731ea..601763f4d8 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -608,7 +608,6 @@ static int ssl23_get_server_hello(SSL *s) if (!ssl_get_new_session(s,0)) goto err; - s->first_packet=1; return(SSL_connect(s)); err: return(-1); diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index b73abc448f..c4eb3276a3 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -592,7 +592,6 @@ int ssl23_get_client_hello(SSL *s) s->init_num=0; if (buf != buf_space) OPENSSL_free(buf); - s->first_packet=1; return(SSL_accept(s)); err: if (buf != buf_space) OPENSSL_free(buf); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index cb0b12b400..4476008fec 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -275,11 +275,7 @@ again: n2s(p,rr->length); /* Lets check version */ - if (s->first_packet) - { - s->first_packet=0; - } - else + if (!s->first_packet) { if (version != s->version) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 98d0a075e5..28519e584d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -662,9 +662,9 @@ static int ssl3_get_client_hello(SSL *s) */ if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { - s->first_packet=1; s->state=SSL3_ST_SR_CLNT_HELLO_B; } + s->first_packet=1; n=ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, @@ -673,6 +673,7 @@ static int ssl3_get_client_hello(SSL *s) &ok); if (!ok) return((int)n); + s->first_packet=0; d=p=(unsigned char *)s->init_msg; /* use version from inside client hello, not from record header -- 2.25.1