Support TLS extensions (specifically, HostName)

[openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 7168385659441bf1b7a5bb991fea10a9592bdf41..8bf044e15fd4f6c3e3cbb362d13d52c8715240aa 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -250,9 +250,6 @@ int ssl23_get_client_hello(SSL *s)
        int n=0,j;
        int type=0;
        int v[2];
-#ifndef OPENSSL_NO_RSA
-       int use_sslv2_strong=0;
-#endif
 
        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
                {
@@ -419,7 +416,7 @@ int ssl23_get_client_hello(SSL *s)
                n2s(p,sil);
                n2s(p,cl);
                d=(unsigned char *)s->init_buf->data;
-               if ((csl+sil+cl+11) != s->packet_length)
+               if ((csl+sil+cl+11) > s->packet_length)
                        {
                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
                        goto err;
@@ -462,6 +459,12 @@ int ssl23_get_client_hello(SSL *s)
                *(d++)=1;
                *(d++)=0;
                
+                /* copy any remaining data with may be extensions */
+               p = p+csl+sil+cl ;
+               while (p <  s->packet+s->packet_length) {
+                       *(d++)=*(p++);
+               }
+
                i = (d-(unsigned char *)s->init_buf->data) - 4;
                l2n3((long)i, d_len);
 
@@ -501,9 +504,7 @@ int ssl23_get_client_hello(SSL *s)
                        }
 
                s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-               if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-                       use_sslv2_strong ||
-                       (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+               if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
                        s->s2->ssl2_rollback=0;
                else
                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0