fix support for receiving fragmented handshake messages

author Bodo Möller <bodo@openssl.org>

Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)

committer Bodo Möller <bodo@openssl.org>

Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)
author Bodo Möller <bodo@openssl.org>
Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)
committer Bodo Möller <bodo@openssl.org>
Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)
diff --git a/CHANGES b/CHANGES

index 008f259b0de8809dc8224481610a0f0539d31274..3708edcae04fd036a51e858710c97b8e043945f1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
  
   Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
  
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
    *) Load error codes if they are not already present instead of using a
       static variable. This allows them to be cleanly unloaded and reloaded.
       [Steve Henson]
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c

index 86356731ea63c982b214eb64c9304b5959b78b6c..601763f4d831c2af71bdd9db3b4022f27ff92d5a 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -608,7 +608,6 @@ static int ssl23_get_server_hello(SSL *s)
         if (!ssl_get_new_session(s,0))
                 goto err;
  
-       s->first_packet=1;
         return(SSL_connect(s));
  err:
         return(-1);
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c

index b73abc448f8cd644b9951b3f8463f04217e89e67..c4eb3276a378d26e601639a78a9a13be1f19b921 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -592,7 +592,6 @@ int ssl23_get_client_hello(SSL *s)
         s->init_num=0;
  
         if (buf != buf_space) OPENSSL_free(buf);
-       s->first_packet=1;
         return(SSL_accept(s));
  err:
         if (buf != buf_space) OPENSSL_free(buf);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c

index cb0b12b4006ee7aef991de5360da6df84ebf59e4..4476008fec8d7601d39ae288ac98e9fffe879254 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -275,11 +275,7 @@ again:
                 n2s(p,rr->length);
  
                 /* Lets check version */
-               if (s->first_packet)
-                       {
-                       s->first_packet=0;
-                       }
-               else
+               if (!s->first_packet)
                         {
                         if (version != s->version)
                                 {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 98d0a075e5effcd737cd0d18c57e6c78e9f4b4f5..28519e584de8e4af4ebb52b3a1098048b892e9c4 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -662,9 +662,9 @@ static int ssl3_get_client_hello(SSL *s)
          */
         if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
                 {
-               s->first_packet=1;
                 s->state=SSL3_ST_SR_CLNT_HELLO_B;
                 }
+       s->first_packet=1;
         n=ssl3_get_message(s,
                 SSL3_ST_SR_CLNT_HELLO_B,
                 SSL3_ST_SR_CLNT_HELLO_C,
@@ -673,6 +673,7 @@ static int ssl3_get_client_hello(SSL *s)
                 &ok);
  
         if (!ok) return((int)n);
+       s->first_packet=0;
         d=p=(unsigned char *)s->init_msg;
  
         /* use version from inside client hello, not from record header
author	Bodo Möller <bodo@openssl.org>
	Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)
CHANGES		patch \| blob \| history
ssl/s23_clnt.c		patch \| blob \| history
ssl/s23_srvr.c		patch \| blob \| history
ssl/s3_pkt.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history