Handle tls and dtls server version selection similarly

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22989)
Frederik Wedel-Heinen 2023-12-08 21:00:43 +01:00 committed by Matt Caswell
parent cf424d1da0
commit f4ad7c2f73


@ -1735,16 +1735,14 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
s->client_version = clienthello->legacy_version;
}
/*
* Do SSL/TLS version negotiation if applicable. For DTLS we just check
* versions are potentially compatible. Version negotiation comes later.
* Do SSL/TLS version negotiation if applicable.
*/
if (!SSL_CONNECTION_IS_DTLS(s)) {
protverr = ssl_choose_server_version(s, clienthello, &dgrd);
} else if (ssl->method->version != DTLS_ANY_VERSION &&
DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
if (SSL_CONNECTION_IS_DTLS(s)
&& ssl->method->version != DTLS_ANY_VERSION
&& DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
protverr = SSL_R_VERSION_TOO_LOW;
} else {
protverr = 0;
protverr = ssl_choose_server_version(s, clienthello, &dgrd);
}
if (protverr) {
@ -1783,14 +1781,6 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
}
s->d1->cookie_verified = 1;
}
if (ssl->method->version == DTLS_ANY_VERSION) {
protverr = ssl_choose_server_version(s, clienthello, &dgrd);
if (protverr != 0) {
s->version = s->client_version;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, protverr);
goto err;
}
}
}
s->hit = 0;
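Review bot: With the DTLS_ANY_VERSION call removed from after `s->d1->cookie_verified = 1;` in the second hunk, `ssl_choose_server_version()` for DTLS now runs in the `else` branch of the first hunk, which sits earlier in the function than the cookie check, so version selection is driven by a ClientHello whose source has not yet been verified. That looks intentional, but it deserves a comment at the call, e.g. `/* For DTLS this runs before cookie verification; nothing here may assume a verified peer. */`, and a regression test that a hello with a bad cookie and an unsupported version fails cleanly. The removed block also set `s->version = s->client_version` before `SSLfatal()`; the body of the shared `if (protverr)` handler lies outside the hunk, so please confirm it sends the alert with the same record version. The shortened comment now reads only "Do SSL/TLS version negotiation if applicable." while the condition below it still special-cases fixed-version DTLS methods, so it should mention that check, e.g. `/* Reject too-low versions for fixed-version DTLS methods; otherwise negotiate. */`.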