X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=4299af1e7cccf343d6ec8eb26f041514588306e1;hb=c38b76bf69adff2ae6240a474ac4309cda9bf163;hp=34a6ad7aeafcc5cf8a63c135f78472cf70497fdd;hpb=d18a0df0a6d0933caa8033f58ed224b4a9055259;p=openssl.git

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 34a6ad7aea..4299af1e7c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -321,6 +321,8 @@ again:
 		s->rstate=SSL_ST_READ_BODY;
 
 		p=s->packet;
+		if (s->msg_callback)
+			s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, s->msg_callback_arg);
 
 		/* Pull apart the header into the SSL3_RECORD */
 		rr->type= *(p++);
@@ -664,10 +666,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	if (	(sess == NULL) ||
 		(s->enc_write_ctx == NULL) ||
 		(EVP_MD_CTX_md(s->write_hash) == NULL))
+		{
+#if 1
+		clear=s->enc_write_ctx?0:1;	/* must be AEAD cipher */
+#else
 		clear=1;
-
-	if (clear)
+#endif
 		mac_size=0;
+		}
 	else
 		{
 		mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -736,7 +742,15 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	wr->type=type;
 
 	*(p++)=(s->version>>8);
-	*(p++)=s->version&0xff;
+	/* Some servers hang if iniatial client hello is larger than 256
+	 * bytes and record version number > TLS 1.0
+	 */
+	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+				&& !s->renegotiate
+				&& TLS1_get_version(s) > TLS1_VERSION)
+		*(p++) = 0x1;
+	else
+		*(p++)=s->version&0xff;
 
 	/* field where we are to write out packet length */
 	plen=p; 
@@ -810,6 +824,9 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	/* record length after mac and block padding */
 	s2n(wr->length,plen);
 
+	if (s->msg_callback)
+		s->msg_callback(1, 0, SSL3_RT_HEADER, plen - 5, 5, s, s->msg_callback_arg);
+
 	/* we should now have
 	 * wr->data pointing to the encrypted data, which is
 	 * wr->length long */
@@ -1070,6 +1087,19 @@ start:
 			dest = s->s3->alert_fragment;
 			dest_len = &s->s3->alert_fragment_len;
 			}
+#ifndef OPENSSL_NO_HEARTBEATS
+		else if (rr->type == TLS1_RT_HEARTBEAT)
+			{
+			tls1_process_heartbeat(s);
+
+			/* Exit and notify application to read again */
+			rr->length = 0;
+			s->rwstate=SSL_READING;
+			BIO_clear_retry_flags(SSL_get_rbio(s));
+			BIO_set_retry_read(SSL_get_rbio(s));
+			return(-1);
+			}
+#endif
 
 		if (dest_maxlen > 0)
 			{