tls1 did not survive to restarts, so get rid of it.
unsigned char *p,*d,*dd;
unsigned int i;
unsigned int csl,sil,cl;
unsigned char *p,*d,*dd;
unsigned int i;
unsigned int csl,sil,cl;
int type=0,use_sslv2_strong=0;
int v[2];
int type=0,use_sslv2_strong=0;
int v[2];
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
+ s->version=TLS1_VERSION;
/* type=2; */ /* done later to survive restarts */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
/* type=2; */ /* done later to survive restarts */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
+ s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
+ s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
+ s->version=TLS1_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
}
else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
type=3;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
type=3;
next_bit:
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
next_bit:
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
- /* we have a SSLv3/TLSv1 in a SSLv2 header
- * (other cases skip this state)* */
+ /* we have SSLv3/TLSv1 in an SSLv2 header
+ * (other cases skip this state) */
+
+ v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
n=((p[0]&0x7f)<<8)|p[1];
if (n > (1024*4))
{
n=((p[0]&0x7f)<<8)|p[1];
if (n > (1024*4))
{
- *(d++)=SSL3_VERSION_MAJOR;
- if (tls1)
- *(d++)=TLS1_VERSION_MINOR;
- else
- *(d++)=SSL3_VERSION_MINOR;
+ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+ *(d++) = v[1];
/* lets populate the random area */
/* get the chalenge_length */
/* lets populate the random area */
/* get the chalenge_length */
- if (tls1)
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_server_method();
- }
+ if (s->version == TLS1_VERSION)
+ s->method = TLSv1_server_method();
- {
- s->version=SSL3_VERSION;
- s->method=SSLv3_server_method();
- }
+ s->method = SSLv3_server_method();
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif
if (buf != buf_space) Free(buf);
return(-1);
}
if (buf != buf_space) Free(buf);
return(-1);
}
num = INT_MAX;
if (num > 1)
num = INT_MAX;
if (num > 1)
- --num; /* for testing restartability even more thoroughly */
+ --num; /* test restartability even more thoroughly */
r = BIO_nwrite(io1, &dataptr, (int)num);
assert(r > 0);
r = BIO_nwrite(io1, &dataptr, (int)num);
assert(r > 0);
./ssltest || exit 1
echo test sslv2/sslv3 w/o DHE via BIO pair
./ssltest || exit 1
echo test sslv2/sslv3 w/o DHE via BIO pair
-./ssltest -no_dhe || exit 1
+./ssltest -bio_pair -no_dhe || exit 1
echo test sslv2/sslv3 with server authentication
./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
echo test sslv2/sslv3 with server authentication
./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
projects / openssl.git / commitdiff