/* SSLfatal() already called */
goto err;
}
-#ifdef SSL_DEBUG
- fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_INTERNAL_ERROR);
goto err;
}
+#ifdef SSL_DEBUG
+ if (SSL_USE_SIGALGS(s))
+ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+
/* Check for broken implementations of GOST ciphersuites */
/*
* If key is GOST and len is exactly 64 or 128, it is signature without
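Review bot: The relocated SSL_DEBUG print calls `EVP_MD_name(md)` after the whole if/else chain, and nothing visible in the hunk guarantees that `md` is non-NULL there. If the signature-algorithm lookup (outside the hunk) can leave `md` NULL, presumably for algorithms with no separate digest, a debug build would dereference a null pointer. Printing `md == NULL ? "n/a" : EVP_MD_name(md)` as the last argument avoids that. The enclosing function starts and ends outside the hunk.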
/* This is a real handshake so make sure we clean it up at the end */
if (s->server) {
+ /*
+ * To get this far we must have read encrypted data from the client. We
+ * no longer tolerate unencrypted alerts. This value is ignored if less
+ * than TLSv1.3
+ */
+ s->statem.enc_read_state = ENC_READ_STATE_VALID;
if (s->post_handshake_auth != SSL_PHA_REQUESTED)
s->statem.cleanuphand = 1;
if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
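Review bot: The comment's reasoning is that encrypted data has been read from the client, so plaintext alerts are no longer tolerated, but the state is flipped only here, in the server branch that handles the client's Finished. If other encrypted client handshake messages can be processed before this point (client authentication, for instance), plaintext alerts would presumably still be accepted in that window. It is worth confirming this is intended and adding a line such as `* Only the client's Finished changes this state; earlier encrypted messages do not.` The comment could also name where the value is consulted, since "ignored if less than TLSv1.3" cannot be checked from this function, whose body starts and ends outside the hunk.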
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
- /* TODO(TLS1.3): Remove this before release */
- unsigned int orig_candidate = 0;
suppversions->parsed = 1;
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
- /* TODO(TLS1.3): Remove this before release */
- if (candidate_vers == TLS1_3_VERSION_DRAFT
- || candidate_vers == TLS1_3_VERSION_DRAFT_27
- || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
- if (best_vers == TLS1_3_VERSION
- && orig_candidate > candidate_vers)
- continue;
- orig_candidate = candidate_vers;
- candidate_vers = TLS1_3_VERSION;
- } else if (candidate_vers == TLS1_3_VERSION) {
- /* Don't actually accept real TLSv1.3 */
- continue;
- }
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list about
- * whether to ignore versions <TLS1.2 in supported_versions. At the
- * moment we honour them if present. To be reviewed later
- */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
- /* TODO(TLS1.3): Remove this before release */
- if (best_vers == TLS1_3_VERSION)
- s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
if (highver != 0 && s->version != vent->version)
continue;
+ if (highver == 0 && (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) != 0)
+ highver = vent->version;
+
method = vent->cmeth();
err = ssl_method_error(s, method);
if (err != 0) {
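Review bot: The added `highver = vent->version;` runs before `ssl_method_error(s, method)` is consulted, so in fallback mode a version that is rejected just below can still become the reference for the later downgrade comparison, and the hunk has no comment explaining this. If that is the intent, a comment would keep a later cleanup from "fixing" the ordering, e.g. `/* With SSL_MODE_SEND_FALLBACK_SCSV set, highver comes from the first entry visited, whether or not that version is currently usable */`. Once `highver` is non-zero, the guard above also skips every entry whose version differs from `s->version`, which deserves a mention in the same comment. The loop and its function start and end outside the hunk.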
if (s->version != vent->version)
continue;
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
/* Check for downgrades */
if (s->version == TLS1_2_VERSION && highver > s->version) {
if (memcmp(tls12downgrade,
return 0;
}
}
-#endif
s->method = method;
return 1;