author | David Benjamin <davidben@chromium.org> | 2014-12-13 01:33:12 -0500 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-12-13 23:19:36 +0000 |
commit | 1f48fba861901389b9e7ab1b3f569af30f25c4d5 (patch) | |
tree | 53f12119ecff18b411fba69d87ee9fe806c17a72 | |
parent | accb454e4481f02b17b0447d99852b348d105d52 (diff) | |
Use have_version in clamping TLS record-layer version to 1.0.
Match the DTLS code. Rather than sniffing the handshake state, use the
have_version bit.
Change-Id: I40e92f187647417c34b4cfdc3ad258f5562e781b
Reviewed-on: https://boringssl-review.googlesource.com/2588
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | ssl/s3_pkt.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index e3c9393..e980cdc 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -736,16 +736,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 *(p++)=type&0xff;
 wr->type=type;
- *(p++)=(s->version>>8);
- /* Some servers hang if iniatial client hello is larger than 256
- * bytes and record version number > TLS 1.0
- */
- if (s->state == SSL3_ST_CW_CLNT_HELLO_B
- && !s->renegotiate
- && TLS1_get_version(s) > TLS1_VERSION)
- *(p++) = 0x1;
+ /* Some servers hang if initial ClientHello is larger than 256
+ * bytes and record version number > TLS 1.0. */
+ if (!s->s3->have_version && s->version > SSL3_VERSION)
+ {
+ *(p++) = TLS1_VERSION >> 8;
+ *(p++) = TLS1_VERSION & 0xff;
+ }
 else
- *(p++)=s->version&0xff;
+ {
+ *(p++) = s->version >> 8;
+ *(p++) = s->version & 0xff;
+ }
 /* field where we are to write out packet length */
 plen=p;
|
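Review bot: The comment above the new `if (!s->s3->have_version && s->version > SSL3_VERSION)` still describes only the initial ClientHello, but the condition now clamps every record written before the version is fixed, and the explicit `!s->renegotiate` exclusion is gone. Whether a renegotiation ClientHello keeps the negotiated record version now depends on have_version staying set across a renegotiation, which this hunk does not show; that is worth confirming and stating next to the check. I would extend the comment along the lines of `/* Until the version is negotiated (have_version unset), cap the record-layer version at TLS 1.0; the offered version travels in the ClientHello body, not in this field. */`. do_ssl3_write begins and ends outside the hunk.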