diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 15768bb565..06ad42c8ff 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.91 2021/02/07 15:04:10 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.92 2021/02/20 08:22:55 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1171,10 +1171,15 @@ ssl3_send_dtls_hello_verify_request(SSL *s) | |||
| 1171 | return 0; | 1171 | return 0; |
| 1172 | } | 1172 | } |
| 1173 | 1173 | ||
| 1174 | /* | ||
| 1175 | * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should | ||
| 1176 | * always contain DTLSv1.0 regardless of the version that is | ||
| 1177 | * going to be negotiated. | ||
| 1178 | */ | ||
| 1174 | if (!ssl3_handshake_msg_start(s, &cbb, &verify, | 1179 | if (!ssl3_handshake_msg_start(s, &cbb, &verify, |
| 1175 | DTLS1_MT_HELLO_VERIFY_REQUEST)) | 1180 | DTLS1_MT_HELLO_VERIFY_REQUEST)) |
| 1176 | goto err; | 1181 | goto err; |
| 1177 | if (!CBB_add_u16(&verify, s->version)) | 1182 | if (!CBB_add_u16(&verify, DTLS1_VERSION)) |
| 1178 | goto err; | 1183 | goto err; |
| 1179 | if (!CBB_add_u8_length_prefixed(&verify, &cookie)) | 1184 | if (!CBB_add_u8_length_prefixed(&verify, &cookie)) |
| 1180 | goto err; | 1185 | goto err; |