Commit bd5f21a4 authored by Dr. Stephen Henson

Fix version handling so it can cope with a major version >3.

Although it will be many years before TLS v2.0 or later appears, old versions
of servers have a habit of hanging around for a considerable time, so best
if we handle this properly now.
parent 1b31b5ad
+5 −0
@@ -881,6 +881,11 @@

 Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]

  *) Handle TLS versions 2.0 and later properly and correctly use the
     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
     off ancient servers have a habit of sticking around for a while...
     [Steve Henson]

  *) Modify compression code so it frees up structures without using the
     ex_data callbacks. This works around a problem where some applications
     call CRYPTO_free_all_ex_data() before application exit (e.g. when
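Review bot: the new CHANGES entry should say what "properly" means for a client_version major above 3, since that is the behaviour a reader of this file will want to know: such a client is treated as supporting the highest TLS version this build supports, and the change is in ssl23_get_client_hello. A comma after "some way off" would also help the second sentence parse ("Although TLS >= 2.0 is some way off, ancient servers have a habit of sticking around...").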
+8 −1
@@ -323,7 +323,7 @@ int ssl23_get_client_hello(SSL *s)
			 (p[1] == SSL3_VERSION_MAJOR) &&
			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
				|| (p[9] == p[1])))
				|| (p[9] >= p[1])))
			{
			/*
			 * SSLv3 or tls1 header
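Review bot: the relaxed test `(p[9] >= p[1])` now accepts any client_version major of 3 or above (p[1] is already pinned to SSL3_VERSION_MAJOR by the earlier `p[1] == SSL3_VERSION_MAJOR` term), but the comment that follows still reads "SSLv3 or tls1 header", so the intent is not visible at the point where it matters. Suggest a one-line comment on the `>=` saying that a client_version major greater than 3 is deliberately accepted here and resolved to a supported version further down, so that nobody later "fixes" it back to `==`. Note also that the `p[3] == 0 && p[4] < 5` branch still bypasses the p[9] check entirely; that is pre-existing, but worth keeping in mind when reasoning about what p[9] can hold below.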
@@ -347,6 +347,13 @@ int ssl23_get_client_hello(SSL *s)
				v[1] = TLS1_VERSION_MINOR;
#endif
				}
			/* if major version number > 3 set minor to a value
			 * which will use the highest version 3 we support.
			 * If TLS 2.0 ever appears we will need to revise
			 * this....
			 */
			else if (p[9] > SSL3_VERSION_MAJOR)
				v[1]=0xff;
			else
				v[1]=p[10]; /* minor version according to client_version */
			if (v[1] >= TLS1_VERSION_MINOR)
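Review bot: the `v[1]=0xff` sentinel in the new `else if (p[9] > SSL3_VERSION_MAJOR)` branch only sets the minor byte; the hunk does not show where v[0] is assigned for this path. Please confirm that v[0] ends up as SSL3_VERSION_MAJOR rather than being copied from p[9], otherwise the "highest version 3 we support" that the comment promises would be paired with a major byte the code cannot actually speak. Two smaller points: the magic value 0xff deserves a named constant (or at least a comment on the assignment itself saying it is a sentinel meaning "clamp to the highest supported minor", which the subsequent `if (v[1] >= TLS1_VERSION_MINOR)` ladder relies on), and the comment "If TLS 2.0 ever appears we will need to revise this...." would be more useful if it said what needs revising, namely that a major of 4 should then map to the highest TLS 2.x version supported instead of being folded into the 3.x ladder.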