Commit df7ce507 authored by Matt Caswell's avatar Matt Caswell
Browse files

Rename clienthello.version to clienthello.legacy_version 



For consistency with the TLSv1.3 spec.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 58c9e32a

ssl/ssl_locl.h

+1 −1
Original line number Diff line number Diff line
@@ -1633,7 +1633,7 @@ typedef struct raw_extension_st { 


typedef struct {

    unsigned int isv2;

    unsigned int version;

    unsigned int legacy_version;

    unsigned char random[SSL3_RANDOM_SIZE];

    size_t session_id_len;

    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

ssl/statem/statem_lib.c

+1 −1
Original line number Diff line number Diff line
@@ -992,7 +992,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello) 
     * handle version.

     */

    int server_version = s->method->version;

    int client_version = hello->version;

    int client_version = hello->legacy_version;

    const version_info *vent;

    const version_info *table;

    int disabled = 0;

ssl/statem/statem_srvr.c

+6 −6
Original line number Diff line number Diff line
@@ -939,7 +939,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
        }

    }



    if (!PACKET_get_net_2(pkt, &clienthello.version)) {

    if (!PACKET_get_net_2(pkt, &clienthello.legacy_version)) {

        al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);

        goto err;
@@ -1082,8 +1082,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
    /* Choose the version */



    if (clienthello.isv2) {

        if (clienthello.version == SSL2_VERSION

                || (clienthello.version & 0xff00)

        if (clienthello.legacy_version == SSL2_VERSION

                || (clienthello.legacy_version & 0xff00)

                   != (SSL3_VERSION_MAJOR << 8)) {

            /*

             * This is real SSLv2 or something complete unknown. We don't
@@ -1093,7 +1093,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
            goto err;

        }

        /* SSLv3/TLS */

        s->client_version = clienthello.version;

        s->client_version = clienthello.legacy_version;

    }

    /*

     * Do SSL/TLS version negotiation if applicable. For DTLS we just check
@@ -1102,7 +1102,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
    if (!SSL_IS_DTLS(s)) {

        protverr = ssl_choose_server_version(s, &clienthello);

    } else if (s->method->version != DTLS_ANY_VERSION &&

               DTLS_VERSION_LT((int)clienthello.version, s->version)) {

               DTLS_VERSION_LT((int)clienthello.legacy_version, s->version)) {

        protverr = SSL_R_VERSION_TOO_LOW;

    } else {

        protverr = 0;
@@ -1112,7 +1112,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) 
        SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr);

        if ((!s->enc_write_ctx && !s->write_hash)) {

            /* like ssl3_get_record, send alert using remote version number */

            s->version = s->client_version = clienthello.version;

            s->version = s->client_version = clienthello.legacy_version;

        }

        al = SSL_AD_PROTOCOL_VERSION;

        goto f_err;