diff options
| author | marha <marha@users.sourceforge.net> | 2012-04-10 11:41:26 +0200 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2012-04-10 11:41:26 +0200 |
| commit | 67326634496ef21b4acbf4cef2f05040d34aef9b (patch) | |
| tree | f19fba7c7b691e44cd97482644e383e09ab98c49 /openssl/ssl/s23_srvr.c | |
| parent | c6f80401dc533b04341afe8d596960d1bc25efce (diff) | |
| download | vcxsrv-67326634496ef21b4acbf4cef2f05040d34aef9b.tar.gz vcxsrv-67326634496ef21b4acbf4cef2f05040d34aef9b.tar.bz2 vcxsrv-67326634496ef21b4acbf4cef2f05040d34aef9b.zip | |
Update to openssl-1.0.1
Diffstat (limited to 'openssl/ssl/s23_srvr.c')
| -rw-r--r-- | openssl/ssl/s23_srvr.c | 52 |
1 files changed, 48 insertions, 4 deletions
diff --git a/openssl/ssl/s23_srvr.c b/openssl/ssl/s23_srvr.c index 836dd1f1c..487784901 100644 --- a/openssl/ssl/s23_srvr.c +++ b/openssl/ssl/s23_srvr.c @@ -115,6 +115,9 @@ #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif static const SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); @@ -128,6 +131,10 @@ static const SSL_METHOD *ssl23_get_server_method(int ver) return(SSLv3_server_method()); else if (ver == TLS1_VERSION) return(TLSv1_server_method()); + else if (ver == TLS1_1_VERSION) + return(TLSv1_1_server_method()); + else if (ver == TLS1_2_VERSION) + return(TLSv1_2_server_method()); else return(NULL); } @@ -283,7 +290,20 @@ int ssl23_get_client_hello(SSL *s) /* SSLv3/TLSv1 */ if (p[4] >= TLS1_VERSION_MINOR) { - if (!(s->options & SSL_OP_NO_TLSv1)) + if (p[4] >= TLS1_2_VERSION_MINOR && + !(s->options & SSL_OP_NO_TLSv1_2)) + { + s->version=TLS1_2_VERSION; + s->state=SSL23_ST_SR_CLNT_HELLO_B; + } + else if (p[4] >= TLS1_1_VERSION_MINOR && + !(s->options & SSL_OP_NO_TLSv1_1)) + { + s->version=TLS1_1_VERSION; + /* type=2; */ /* done later to survive restarts */ + s->state=SSL23_ST_SR_CLNT_HELLO_B; + } + else if (!(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; /* type=2; */ /* done later to survive restarts */ @@ -350,7 +370,19 @@ int ssl23_get_client_hello(SSL *s) v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { - if (!(s->options & SSL_OP_NO_TLSv1)) + if (v[1] >= TLS1_2_VERSION_MINOR && + !(s->options & SSL_OP_NO_TLSv1_2)) + { + s->version=TLS1_2_VERSION; + type=3; + } + else if (v[1] >= TLS1_1_VERSION_MINOR && + !(s->options & SSL_OP_NO_TLSv1_1)) + { + s->version=TLS1_1_VERSION; + type=3; + } + else if (!(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; type=3; @@ -393,6 +425,15 @@ int ssl23_get_client_hello(SSL *s) } } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (s->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header @@ -567,8 +608,11 @@ int ssl23_get_client_hello(SSL *s) s->s3->rbuf.left=0; s->s3->rbuf.offset=0; } - - if (s->version == TLS1_VERSION) + if (s->version == TLS1_2_VERSION) + s->method = TLSv1_2_server_method(); + else if (s->version == TLS1_1_VERSION) + s->method = TLSv1_1_server_method(); + else if (s->version == TLS1_VERSION) s->method = TLSv1_server_method(); else s->method = SSLv3_server_method(); |