yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-25 16:55:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix HelloVerifyRequest version handling

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-08-09 17:00:46 +02:00 committed by Paul Bakker
parent 4ba6ab6d0d
commit b35fe5638a
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/ssl_cli.c
View File

@ -975,9 +975,14 @@ static int ssl_parse_hello_verify_request( ssl_context *ssl )
ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
p += 2;
if( major_ver != SSL_MAJOR_VERSION_3 ||
/*
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
* even is lower than our min version.
*/
if( major_ver < SSL_MAJOR_VERSION_3 ||
minor_ver < SSL_MINOR_VERSION_2 ||
minor_ver > SSL_MINOR_VERSION_3 )
major_ver > ssl->max_major_ver ||
minor_ver > ssl->max_minor_ver )
{
SSL_DEBUG_MSG( 1, ( "bad server version" ) );

5
library/ssl_srv.c
View File

@ -1981,8 +1981,9 @@ static int ssl_write_hello_verify_request( ssl_context *ssl )
* } HelloVerifyRequest;
*/
/* For now, use fixed version = DTLS 1.0 */
ssl_write_version( SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
/* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */
ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->transport, p );
SSL_DEBUG_BUF( 3, "server version", (unsigned char *) p, 2 );
p += 2;