The message header for fake SSL 3.0/TLS 1.0 client hellos created from

SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 342d145c233cfe93fbcaa6bf116edd69c9daa0c5..563531f1201864800a0a36c20d61a142e897e572 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -365,12 +365,11 @@ int ssl23_get_client_hello(SSL *s)
                        goto err;
                        }
 
-               /* record header: version ... */
-               *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-               *(d++) = v[1];
+               /* record header: msg_type ... */
+               *(d++) = SSL3_MT_CLIENT_HELLO;
                /* ... and length (actual value will be written later) */
-               d_len = d++;
-               d++;
+               d_len = d;
+               d += 3;
 
                /* client_version */
                *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
@@ -404,7 +403,7 @@ int ssl23_get_client_hello(SSL *s)
                *(d++)=0;
                
                i=(d-(unsigned char *)s->init_buf->data);
-               s2n(i, d_len);
+               l2n3((long)i, d_len);
 
                /* get the data reused from the init_buf */
                s->s3->tmp.reuse_message=1;