1 files changed, 32 insertions, 4 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 6637bb9549..b73abc448f 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -132,10 +132,28 @@ static SSL_METHOD *ssl23_get_server_method(int ver)
                return(NULL);
        }
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+SSL_METHOD *SSLv23_server_method(void)
-                        ssl23_accept,
+        {
-                        ssl_undefined_function,
+        static int init=1;
-                        ssl23_get_server_method)
+        static SSL_METHOD SSLv23_server_data;
+        if (init)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+                if (init)
+                        {
+                        memcpy((char *)&SSLv23_server_data,
+                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+                        SSLv23_server_data.ssl_accept=ssl23_accept;
+                        SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+                        init=0;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+                }
+        return(&SSLv23_server_data);
+        }
 int ssl23_accept(SSL *s)
        {
@@ -386,6 +404,15 @@ int ssl23_get_client_hello(SSL *s)
                        }
                }
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && (s->version < TLS1_VERSION))
+                {
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                goto err;
+                }
+#endif
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
                /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -565,6 +592,7 @@ int ssl23_get_client_hello(SSL *s)
        s->init_num=0;
        if (buf != buf_space) OPENSSL_free(buf);
+        s->first_packet=1;
        return(SSL_accept(s));
 err:
        if (buf != buf_space) OPENSSL_free(buf);

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index 6637bb9549..b73abc448f 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c
@@ -132,10 +132,28 @@ static SSL_METHOD *ssl23_get_server_method(int ver)
132	return(NULL);	132	return(NULL);
133	}	133	}
134		134
135	IMPLEMENT_ssl23_meth_func(SSLv23_server_method,	135	SSL_METHOD *SSLv23_server_method(void)
136	ssl23_accept,	136	{
137	ssl_undefined_function,	137	static int init=1;
138	ssl23_get_server_method)	138	static SSL_METHOD SSLv23_server_data;
		139
		140	if (init)
		141	{
		142	CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
		143
		144	if (init)
		145	{
		146	memcpy((char *)&SSLv23_server_data,
		147	(char *)sslv23_base_method(),sizeof(SSL_METHOD));
		148	SSLv23_server_data.ssl_accept=ssl23_accept;
		149	SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
		150	init=0;
		151	}
		152
		153	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
		154	}
		155	return(&SSLv23_server_data);
		156	}
139		157
140	int ssl23_accept(SSL *s)	158	int ssl23_accept(SSL *s)
141	{	159	{
@@ -386,6 +404,15 @@ int ssl23_get_client_hello(SSL *s)
386	}	404	}
387	}	405	}
388		406
		407	#ifdef OPENSSL_FIPS
		408	if (FIPS_mode() && (s->version < TLS1_VERSION))
		409	{
		410	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
		411	SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
		412	goto err;
		413	}
		414	#endif
		415
389	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)	416	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
390	{	417	{
391	/* we have SSLv3/TLSv1 in an SSLv2 header	418	/* we have SSLv3/TLSv1 in an SSLv2 header
@@ -565,6 +592,7 @@ int ssl23_get_client_hello(SSL *s)
565	s->init_num=0;	592	s->init_num=0;
566		593
567	if (buf != buf_space) OPENSSL_free(buf);	594	if (buf != buf_space) OPENSSL_free(buf);
		595	s->first_packet=1;
568	return(SSL_accept(s));	596	return(SSL_accept(s));
569	err:	597	err:
570	if (buf != buf_space) OPENSSL_free(buf);	598	if (buf != buf_space) OPENSSL_free(buf);