mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

When selecting a method ensure we use the correct client/server version

Browse Source 
Using the client one when the server once should be used could cause a
later call to SSL_set_accept_state() to unexpectedly fail.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
This commit is contained in:
Matt Caswell 2024-01-18 12:07:27 +00:00
parent 5fb065589d
commit a86714041d
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/statem/statem_lib.c
View File

@ -1977,14 +1977,17 @@ int ssl_version_supported(const SSL_CONNECTION *s, int version,
for (vent = table;
vent->version != 0 && ssl_version_cmp(s, version, vent->version) <= 0;
++vent) {
if (vent->cmeth != NULL
const SSL_METHOD *(*thismeth)(void) = s->server ? vent->smeth
: vent->cmeth;
if (thismeth != NULL
&& ssl_version_cmp(s, version, vent->version) == 0
&& ssl_method_error(s, vent->cmeth()) == 0
&& ssl_method_error(s, thismeth()) == 0
&& (!s->server
|| version != TLS1_3_VERSION
|| is_tls13_capable(s))) {
if (meth != NULL)
*meth = vent->cmeth();
*meth = thismeth();
return 1;
}
}