diff options
| author | mrezai | 2016-04-15 19:03:35 +0430 |
|---|---|---|
| committer | Rémi Verschelde | 2016-04-27 08:49:39 +0200 |
| commit | 3efa0f130dbaaba5eecb42f76ed7518eedfdf0c8 (patch) | |
| tree | 91da0400f0a1386f7122e25c559abdfb53a9ec9e /drivers/builtin_openssl2/ssl/s23_clnt.c | |
| parent | 47c7b535d2cdcb89c7799475662c70ca9c7ff41d (diff) | |
| download | godot-3efa0f130dbaaba5eecb42f76ed7518eedfdf0c8.tar.gz godot-3efa0f130dbaaba5eecb42f76ed7518eedfdf0c8.tar.zst godot-3efa0f130dbaaba5eecb42f76ed7518eedfdf0c8.zip | |
Update OpenSSL to version 1.0.2g
(cherry picked from commit e97922f22038e9049ed4c2db5b3736dfaa0edde3)
Diffstat (limited to 'drivers/builtin_openssl2/ssl/s23_clnt.c')
| -rw-r--r-- | drivers/builtin_openssl2/ssl/s23_clnt.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/drivers/builtin_openssl2/ssl/s23_clnt.c b/drivers/builtin_openssl2/ssl/s23_clnt.c index 2b2855dee..f782010c4 100644 --- a/drivers/builtin_openssl2/ssl/s23_clnt.c +++ b/drivers/builtin_openssl2/ssl/s23_clnt.c @@ -279,7 +279,6 @@ static int ssl23_no_ssl2_ciphers(SSL *s) int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) { int send_time = 0; - if (len < 4) return 0; if (server) @@ -303,6 +302,7 @@ static int ssl23_client_hello(SSL *s) unsigned long l; int ssl2_compat; int version = 0, version_major, version_minor; + int al = 0; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -368,6 +368,8 @@ static int ssl23_client_hello(SSL *s) || s->tlsext_opaque_prf_input != NULL) ssl2_compat = 0; # endif + if (s->cert->cli_ext.meths_count != 0) + ssl2_compat = 0; } #endif @@ -388,6 +390,10 @@ static int ssl23_client_hello(SSL *s) if (version == TLS1_2_VERSION) { version_major = TLS1_2_VERSION_MAJOR; version_minor = TLS1_2_VERSION_MINOR; + } else if (tls1_suiteb(s)) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); + return -1; } else if (version == TLS1_1_VERSION) { version_major = TLS1_1_VERSION_MAJOR; version_minor = TLS1_1_VERSION_MINOR; @@ -540,9 +546,9 @@ static int ssl23_client_hello(SSL *s) } if ((p = ssl_add_clienthello_tlsext(s, p, - buf + - SSL3_RT_MAX_PLAIN_LENGTH)) == - NULL) { + buf + SSL3_RT_MAX_PLAIN_LENGTH, + &al)) == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, al); SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return -1; } @@ -596,10 +602,13 @@ static int ssl23_client_hello(SSL *s) if (ssl2_compat) s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg); - else + else { + s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5, + s, s->msg_callback_arg); s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); + } } return ret; @@ -749,9 +758,12 @@ static int ssl23_get_server_hello(SSL *s) cb(s, SSL_CB_READ_ALERT, j); } - if (s->msg_callback) + if (s->msg_callback) { + s->msg_callback(0, s->version, SSL3_RT_HEADER, p, 5, s, + s->msg_callback_arg); s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg); + } s->rwstate = SSL_NOTHING; SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); |