int ssl23_get_client_hello(SSL *s);
static SSL_METHOD *ssl23_get_server_method(int ver)
{
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_server_method());
#endif
int n=0,j;
int type=0;
int v[2];
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
int use_sslv2_strong=0;
#endif
* SSLv3 or tls1 header
*/
- v[0]=p[1]; /* major version */
+ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
/* We must look at client_version inside the Client Hello message
- * to get the correct minor version: */
- v[1]=p[10];
- /* However if we have only a pathologically small fragment of the
- * Client Hello message, we simply use the version from the
- * record header -- this is incorrect but unlikely to fail in
- * practice */
+ * to get the correct minor version.
+ * However if we have only a pathologically small fragment of the
+ * Client Hello message, this would be difficult, we'd have
+ * to read at least one additional record to find out.
+ * This doesn't usually happen in real life, so we just complain
+ * for now.
+ */
if (p[3] == 0 && p[4] < 6)
- v[1]=p[2];
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+ goto err;
+ }
+ v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
if (type == 1)
{
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else