eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix HelloVerifyRequest version handling

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-08-09 17:00:46 +02:00 committed by Paul Bakker
parent 4ba6ab6d0d
commit b35fe5638a
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
library/ssl_cli.c
View file

@ -975,9 +975,14 @@ static int ssl_parse_hello_verify_request( ssl_context *ssl )
ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
p += 2;
if( major_ver != SSL_MAJOR_VERSION_3 ||
/*
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
* even is lower than our min version.
*/
if( major_ver < SSL_MAJOR_VERSION_3 ||
minor_ver < SSL_MINOR_VERSION_2 ||
minor_ver > SSL_MINOR_VERSION_3 )
major_ver > ssl->max_major_ver ||
minor_ver > ssl->max_minor_ver )
{
SSL_DEBUG_MSG( 1, ( "bad server version" ) );