From 684b0592cb8bc41df13a3a7f01a3fabf58fdbd1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 6 May 2015 09:27:31 +0100
Subject: [PATCH] Move ssl_set_fallback() to work on conf

Initially thought it would be per-connection, but since max_version is in conf too, and you need to lower that for a fallback connection, the fallback flag should be in the same place
---
 include/mbedtls/ssl.h | 11 +++++------
 library/ssl_cli.c | 2 +-
 library/ssl_tls.c | 4 ++--
 programs/ssl/ssl_client2.c | 2 +-
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c57cb1cd6..a73ffe554 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -931,6 +931,9 @@ typedef struct
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
     unsigned int session_tickets : 1; /*!< use session tickets? */
 #endif
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int fallback : 1; /*!< is this a fallback? */
+#endif
 }
 mbedtls_ssl_config;
 
@@ -956,10 +959,6 @@ struct mbedtls_ssl_context
     unsigned badmac_seen; /*!< records with a bad MAC received */
 #endif
 
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-    char fallback; /*!< flag for fallback connections */
-#endif
-
     /*
      * Callbacks
      */
@@ -1820,10 +1819,10 @@ int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor
  * while, then cause failures when the server is upgraded to
  * support a newer TLS version.
  *
- * \param ssl SSL context
+ * \param conf SSL configuration
  * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
  */
-void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback );
+void mbedtls_ssl_set_fallback( mbedtls_ssl_config *conf, char fallback );
 #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 354cc5a2b..bbc88381a 100644
--- a/library/ssl_cli.c
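Review bot: The new `fallback` member of mbedtls_ssl_config is a 1-bit field, but mbedtls_ssl_set_fallback (library/ssl_tls.c hunk) still takes a `char` and stores it with a plain assignment, so any value other than the two documented constants is silently truncated to its low bit; an even non-zero value becomes 0 and the client then omits FALLBACK_SCSV on a connection the caller meant to mark as a fallback, which is precisely the downgrade signal the SCSV exists to carry. If the constants are 0 and 1 this is harmless for correct callers, but the setter should not rely on that: either normalise in ssl_tls.c, `conf->fallback = ( fallback == MBEDTLS_SSL_IS_FALLBACK );`, or at least state the contract on the field, `/*!< is this a fallback? (MBEDTLS_SSL_IS_FALLBACK or MBEDTLS_SSL_IS_NOT_FALLBACK only) */`. The `char` parameter type is an API choice outside this commit, but it is now narrower than the storage it feeds and worth a follow-up.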
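Review bot: The prototype now operates on the configuration, yet the doc block above mbedtls_ssl_set_fallback does not say what else a fallback configuration needs; the commit message itself gives the missing piece, that max_version must be lowered in the same conf. A caller who sets only this flag sends FALLBACK_SCSV while still offering its highest version, and a server that supports a newer version than the one offered will refuse the handshake rather than downgrade, which is the failure mode the surrounding text warns about. Add to the doc block something like `\note A fallback configuration must also have its maximum version lowered (mbedtls_ssl_set_max_version in this tree); setting only this flag yields a ClientHello that an up-to-date server rejects.` The doc comment block begins outside the hunk.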
+++ b/library/ssl_cli.c
@@ -733,7 +733,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 
     /* Some versions of OpenSSL don't handle it correctly if not at end */
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-    if( ssl->fallback == MBEDTLS_SSL_IS_FALLBACK )
+    if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
     {
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
         *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e93182c75..f72a2c443 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5569,9 +5569,9 @@ int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor
 }
 
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback )
+void mbedtls_ssl_set_fallback( mbedtls_ssl_config *conf, char fallback )
 {
-    ssl->fallback = fallback;
+    conf->fallback = fallback;
 }
 #endif
 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index c6d1ff472..afaafc467 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1207,7 +1207,7 @@ int main( int argc, char *argv[] )
 
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
     if( opt.fallback != DFL_FALLBACK )
-        mbedtls_ssl_set_fallback( &ssl, opt.fallback );
+        mbedtls_ssl_set_fallback( &conf, opt.fallback );
 #endif
 
     mbedtls_printf( " ok\n" );