Repair another bug in s23_get_client_hello:
authorBodo Möller <bodo@openssl.org>
Fri, 10 Sep 1999 16:41:01 +0000 (16:41 +0000)
committerBodo Möller <bodo@openssl.org>
Fri, 10 Sep 1999 16:41:01 +0000 (16:41 +0000)
tls1 did not survive to restarts, so get rid of it.

ssl/s23_srvr.c
ssl/ssltest.c
test/testssl

index 94d593f09f855c533ce7ae3866fda123e572b324..8a3bc2ea1f0de2d0cf0a910847b43fa396255cb0 100644 (file)
@@ -191,7 +191,7 @@ int ssl23_get_client_hello(SSL *s)
        unsigned char *p,*d,*dd;
        unsigned int i;
        unsigned int csl,sil,cl;
-       int n=0,j,tls1=0;
+       int n=0,j;
        int type=0,use_sslv2_strong=0;
        int v[2];
 
@@ -229,12 +229,13 @@ int ssl23_get_client_hello(SSL *s)
                                        {
                                        if (!(s->options & SSL_OP_NO_TLSv1))
                                                {
-                                               tls1=1;
+                                               s->version=TLS1_VERSION;
                                                /* type=2; */ /* done later to survive restarts */
                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
                                                }
                                        else if (!(s->options & SSL_OP_NO_SSLv3))
                                                {
+                                               s->version=SSL3_VERSION;
                                                /* type=2; */
                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
                                                }
@@ -245,6 +246,7 @@ int ssl23_get_client_hello(SSL *s)
                                        }
                                else if (!(s->options & SSL_OP_NO_SSLv3))
                                        {
+                                       s->version=SSL3_VERSION;
                                        /* type=2; */
                                        s->state=SSL23_ST_SR_CLNT_HELLO_B;
                                        }
@@ -329,11 +331,14 @@ int ssl23_get_client_hello(SSL *s)
                                {
                                if (!(s->options & SSL_OP_NO_TLSv1))
                                        {
+                                       s->version=TLS1_VERSION;
                                        type=3;
-                                       tls1=1;
                                        }
                                else if (!(s->options & SSL_OP_NO_SSLv3))
+                                       {
+                                       s->version=SSL3_VERSION;
                                        type=3;
+                                       }
                                }
                        else if (!(s->options & SSL_OP_NO_SSLv3))
                                type=3;
@@ -356,12 +361,14 @@ int ssl23_get_client_hello(SSL *s)
 next_bit:
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
-               /* we have a SSLv3/TLSv1 in a SSLv2 header
-                * (other cases skip this state)* */
+               /* we have SSLv3/TLSv1 in an SSLv2 header
+                * (other cases skip this state) */
+
                type=2;
                p=s->packet;
-               v[0] = p[3];
+               v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
                v[1] = p[4];
+
                n=((p[0]&0x7f)<<8)|p[1];
                if (n > (1024*4))
                        {
@@ -386,11 +393,8 @@ next_bit:
                        goto err;
                        }
 
-               *(d++)=SSL3_VERSION_MAJOR;
-               if (tls1)
-                       *(d++)=TLS1_VERSION_MINOR;
-               else
-                       *(d++)=SSL3_VERSION_MINOR;
+               *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+               *(d++) = v[1];
 
                /* lets populate the random area */
                /* get the chalenge_length */
@@ -499,16 +503,10 @@ next_bit:
                        s->s3->rbuf.offset=0;
                        }
 
-               if (tls1)
-                       {
-                       s->version=TLS1_VERSION;
-                       s->method=TLSv1_server_method();
-                       }
+               if (s->version == TLS1_VERSION)
+                       s->method = TLSv1_server_method();
                else
-                       {
-                       s->version=SSL3_VERSION;
-                       s->method=SSLv3_server_method();
-                       }
+                       s->method = SSLv3_server_method();
 #if 0 /* ssl3_get_client_hello does this */
                s->client_version=(v[0]<<8)|v[1];
 #endif
@@ -530,4 +528,3 @@ err:
        if (buf != buf_space) Free(buf);
        return(-1);
        }
-
index bebe7261921ea9adfa3451d684031ea33862a5a9..5c6508efcf509ccf912ceb0c7995e4ca5981939d 100644 (file)
@@ -727,7 +727,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                                                num = INT_MAX;
 
                                        if (num > 1)
-                                               --num; /* for testing restartability even more thoroughly */
+                                               --num; /* test restartability even more thoroughly */
                                        
                                        r = BIO_nwrite(io1, &dataptr, (int)num);
                                        assert(r > 0);
index 5a76bdf7789b217089510e2f425ebabe7f68c9a2..1d04b939f389b97007bf8a07f8625c32d7ac9649 100644 (file)
@@ -64,7 +64,7 @@ echo test sslv2/sslv3 via BIO pair
 ./ssltest || exit 1
 
 echo test sslv2/sslv3 w/o DHE via BIO pair
-./ssltest -no_dhe || exit 1
+./ssltest -bio_pair -no_dhe || exit 1
 
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1