Repair another bug in s23_get_client_hello:

tls1 did not survive to restarts, so get rid of it.
1999-09-10 16:41:01 +00:00 · 1999-09-10 16:41:01 +00:00 · cb0369d885
commit cb0369d885
parent 778f1092dd
3 changed files with 20 additions and 23 deletions
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@ -191,7 +191,7 @@ int ssl23_get_client_hello(SSL *s)
 	unsigned char *p,*d,*dd;
 	unsigned int i;
 	unsigned int csl,sil,cl;
-	int n=0,j,tls1=0;
+	int n=0,j;
 	int type=0,use_sslv2_strong=0;
 	int v[2];

@ -229,12 +229,13 @@ int ssl23_get_client_hello(SSL *s)
 					{
 					if (!(s->options & SSL_OP_NO_TLSv1))
 						{
-						tls1=1;
+						s->version=TLS1_VERSION;
 						/* type=2; */ /* done later to survive restarts */
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
 					else if (!(s->options & SSL_OP_NO_SSLv3))
 						{
+						s->version=SSL3_VERSION;
 						/* type=2; */
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
@ -245,6 +246,7 @@ int ssl23_get_client_hello(SSL *s)
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
 					{
+					s->version=SSL3_VERSION;
 					/* type=2; */
 					s->state=SSL23_ST_SR_CLNT_HELLO_B;
 					}
@ -329,11 +331,14 @@ int ssl23_get_client_hello(SSL *s)
 				{
 				if (!(s->options & SSL_OP_NO_TLSv1))
 					{
+					s->version=TLS1_VERSION;
 					type=3;
-					tls1=1;
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
+					{
+					s->version=SSL3_VERSION;
 					type=3;
+					}
 				}
 			else if (!(s->options & SSL_OP_NO_SSLv3))
 				type=3;
@ -356,12 +361,14 @@ int ssl23_get_client_hello(SSL *s)
 next_bit:
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
-		/* we have a SSLv3/TLSv1 in a SSLv2 header
-		 * (other cases skip this state)* */
+		/* we have SSLv3/TLSv1 in an SSLv2 header
+		 * (other cases skip this state) */
+
 		type=2;
 		p=s->packet;
-		v[0] = p[3];
+		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
 		v[1] = p[4];
+
 		n=((p[0]&0x7f)<<8)|p[1];
 		if (n > (1024*4))
 			{
@ -386,11 +393,8 @@ next_bit:
 			goto err;
 			}

-		*(d++)=SSL3_VERSION_MAJOR;
-		if (tls1)
-			*(d++)=TLS1_VERSION_MINOR;
-		else
-			*(d++)=SSL3_VERSION_MINOR;
+		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+		*(d++) = v[1];

 		/* lets populate the random area */
 		/* get the chalenge_length */
@ -499,16 +503,10 @@ next_bit:
 			s->s3->rbuf.offset=0;
 			}

-		if (tls1)
-			{
-			s->version=TLS1_VERSION;
-			s->method=TLSv1_server_method();
-			}
+		if (s->version == TLS1_VERSION)
+			s->method = TLSv1_server_method();
 		else
-			{
-			s->version=SSL3_VERSION;
-			s->method=SSLv3_server_method();
-			}
+			s->method = SSLv3_server_method();
 #if 0 /* ssl3_get_client_hello does this */
 		s->client_version=(v[0]<<8)|v[1];
 #endif
@ -530,4 +528,3 @@ err:
 	if (buf != buf_space) Free(buf);
 	return(-1);
 	}
-
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@ -727,7 +727,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
 						num = INT_MAX;

 					if (num > 1)
-						--num; /* for testing restartability even more thoroughly */
+						--num; /* test restartability even more thoroughly */
 					
 					r = BIO_nwrite(io1, &dataptr, (int)num);
 					assert(r > 0);
--- a/test/testssl
+++ b/test/testssl
@ -64,7 +64,7 @@ echo test sslv2/sslv3 via BIO pair
 ./ssltest || exit 1

 echo test sslv2/sslv3 w/o DHE via BIO pair
-./ssltest -no_dhe || exit 1
+./ssltest -bio_pair -no_dhe || exit 1

 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1