int ssl23_get_client_hello(SSL *s);
static SSL_METHOD *ssl23_get_server_method(int ver)
{
+#ifndef NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_server_method());
+#endif
if (ver == SSL3_VERSION)
return(SSLv3_server_method());
else if (ver == TLS1_VERSION)
int ret= -1;
int new_state,state;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
int ssl23_get_client_hello(SSL *s)
{
- char buf_space[11]; /* request this many bytes in initial read */
+ char buf_space[11]; /* Request this many bytes in initial read.
+ * We can detect SSL 3.0/TLS 1.0 Client Hellos only
+ * when the following is in a single record
+ * (not guaranteed by protocol specs):
+ * Byte Content
+ * 0 type \
+ * 1/2 version > record header
+ * 3/4 length /
+ * 5 msg_type \
+ * 6-8 length > Client Hello message
+ * 9/10 client_version /
+ */
char *buf= &(buf_space[0]);
unsigned char *p,*d,*dd;
unsigned int i;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
type=3;
+ }
}
else if ((strncmp("GET ", (char *)p,4) == 0) ||
(strncmp("POST ",(char *)p,5) == 0) ||
if (type == 1)
{
+#ifdef NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3/TLSv1 setup and put in the
* sslv2 stuff. */
s->method=SSLv2_server_method();
s->handshake_func=s->method->ssl_accept;
+#endif
}
if ((type == 2) || (type == 3))
projects / openssl.git / blobdiff