int ssl23_get_client_hello(SSL *s);
static SSL_METHOD *ssl23_get_server_method(int ver)
{
+#ifndef NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_server_method());
+#endif
if (ver == SSL3_VERSION)
return(SSLv3_server_method());
else if (ver == TLS1_VERSION)
int ret= -1;
int new_state,state;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
int ssl23_get_client_hello(SSL *s)
{
- char buf_space[11]; /* request this many bytes in initial read */
+ char buf_space[11]; /* Request this many bytes in initial read.
+ * We can detect SSL 3.0/TLS 1.0 Client Hellos only
+ * when the following is in a single record
+ * (not guaranteed by protocol specs):
+ * Byte Content
+ * 0 type \
+ * 1/2 version > record header
+ * 3/4 length /
+ * 5 msg_type \
+ * 6-8 length > Client Hello message
+ * 9/10 client_version /
+ */
char *buf= &(buf_space[0]);
unsigned char *p,*d,*dd;
unsigned int i;
unsigned int csl,sil,cl;
- int n=0,j,tls1=0;
+ int n=0,j;
int type=0,use_sslv2_strong=0;
int v[2];
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
- tls1=1;
+ s->version=TLS1_VERSION;
/* type=2; */ /* done later to survive restarts */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
+ s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
+ s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
+ s->version=TLS1_VERSION;
type=3;
- tls1=1;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
type=3;
+ }
}
else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
type=3;
+ }
}
else if ((strncmp("GET ", (char *)p,4) == 0) ||
(strncmp("POST ",(char *)p,5) == 0) ||
next_bit:
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
- /* we have a SSLv3/TLSv1 in a SSLv2 header
- * (other cases skip this state)* */
+ /* we have SSLv3/TLSv1 in an SSLv2 header
+ * (other cases skip this state) */
+
type=2;
p=s->packet;
- v[0] = p[3];
+ v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
+
n=((p[0]&0x7f)<<8)|p[1];
if (n > (1024*4))
{
goto err;
}
- *(d++)=SSL3_VERSION_MAJOR;
- if (tls1)
- *(d++)=TLS1_VERSION_MINOR;
- else
- *(d++)=SSL3_VERSION_MINOR;
+ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+ *(d++) = v[1];
/* lets populate the random area */
- /* get the chalenge_length */
+ /* get the challenge_length */
i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
memset(d,0,SSL3_RANDOM_SIZE);
memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
if (type == 1)
{
+#ifdef NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3/TLSv1 setup and put in the
* sslv2 stuff. */
s->method=SSLv2_server_method();
s->handshake_func=s->method->ssl_accept;
+#endif
}
if ((type == 2) || (type == 3))
s->s3->rbuf.offset=0;
}
- if (tls1)
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_server_method();
- }
+ if (s->version == TLS1_VERSION)
+ s->method = TLSv1_server_method();
else
- {
- s->version=SSL3_VERSION;
- s->method=SSLv3_server_method();
- }
+ s->method = SSLv3_server_method();
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif
if (buf != buf_space) Free(buf);
return(-1);
}
-