eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix HelloVerifyRequest version handling

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-08-09 17:00:46 +02:00 committed by Paul Bakker
parent 4ba6ab6d0d
commit b35fe5638a
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
library/ssl_cli.c
View file

@ -975,9 +975,14 @@ static int ssl_parse_hello_verify_request( ssl_context *ssl )
ssl_read_version( &major_ver, &minor_ver, ssl->transport, p ); ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
p += 2; p += 2;
if( major_ver != SSL_MAJOR_VERSION_3 || /*
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
* even is lower than our min version.
*/
if( major_ver < SSL_MAJOR_VERSION_3 ||
minor_ver < SSL_MINOR_VERSION_2 || minor_ver < SSL_MINOR_VERSION_2 ||
minor_ver > SSL_MINOR_VERSION_3 ) major_ver > ssl->max_major_ver ||
minor_ver > ssl->max_minor_ver )
{ {
SSL_DEBUG_MSG( 1, ( "bad server version" ) ); SSL_DEBUG_MSG( 1, ( "bad server version" ) );

5
library/ssl_srv.c
View file

@ -1981,8 +1981,9 @@ static int ssl_write_hello_verify_request( ssl_context *ssl )
* } HelloVerifyRequest; * } HelloVerifyRequest;
*/ */
/* For now, use fixed version = DTLS 1.0 */ /* The RFC is not clear on this point, but sending the actual negotiated
ssl_write_version( SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, * version looks like the most interoperable thing to do. */
ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->transport, p ); ssl->transport, p );
SSL_DEBUG_BUF( 3, "server version", (unsigned char *) p, 2 ); SSL_DEBUG_BUF( 3, "server version", (unsigned char *) p, 2 );
p += 2; p += 2;