| author | jsing <> | 2021-02-22 15:59:10 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-22 15:59:10 +0000 |
| commit | 31c2675f96aa093b3ad5ba68f18a9459299bb76f (patch) | |
| tree | a7f7865a8d1bcc0bfa905831a41b2d44f8183e83 /src/lib/libssl/ssl_clnt.c | |
| parent | b38b3c4cdaca2fdaf70efbdf79aa68508345e85b (diff) | |
Factor out/change some of the legacy client version handling code.
This consolidates the version handling code and will make upcoming changes
easier.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 13 |
1 files changed, 4 insertions, 9 deletions
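--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.83 2021/02/20 14:16:56 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.84 2021/02/22 15:59:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -655,7 +655,7 @@ ssl3_send_client_hello(SSL *s)
 if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
 SSL_SESSION *sess = s->session;
 
-if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
+if (!ssl_max_supported_version(s, &max_version)) {
 SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
 return (-1);
 }
@@ -852,7 +852,7 @@ ssl3_get_server_hello(SSL *s)
 {
 CBS cbs, server_random, session_id;
 uint16_t server_version, cipher_suite;
-uint16_t min_version, max_version;
+uint16_t max_version;
 uint8_t compression_method;
 const SSL_CIPHER *cipher;
 const SSL_METHOD *method;
@@ -896,12 +896,7 @@ ssl3_get_server_hello(SSL *s)
 if (!CBS_get_u16(&cbs, &server_version))
 goto decode_err;
 
-if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
-SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
-goto err;
-}
-
-if (server_version < min_version || server_version > max_version) {
+if (!ssl_check_version_from_server(s, server_version)) {
 SSLerror(s, SSL_R_WRONG_SSL_VERSION);
 s->version = (s->version & 0xff00) | (server_version & 0xff);
 al = SSL_AD_PROTOCOL_VERSION;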
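Review bot: In ssl3_get_server_hello the single `!ssl_check_version_from_server(s, server_version)` test now stands in for two distinct failures, so a client with no usable protocol range would presumably be reported as SSL_R_WRONG_SSL_VERSION and take the SSL_AD_PROTOCOL_VERSION alert path instead of the former SSL_R_NO_PROTOCOLS_AVAILABLE / `goto err`. The helper's body is not part of this diff, so whether it can fail for that reason is inferred from the code it replaces. If merging the two cases is intended, a comment on the check would record it, e.g. `/* Also fails if no protocol versions are enabled locally; reported as a version mismatch. */`. The same switch from `!= 1` to `!` in ssl3_send_client_hello relies on the new helpers returning only 0 or 1, since a negative error return would now be read as success. Both function bodies continue outside the hunks shown.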
