Avoid protocol rollback.
This commit is contained in:
parent
dbba890cf1
commit
f1192b7f2e
10
CHANGES
10
CHANGES
@ -4,6 +4,16 @@
|
||||
|
||||
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
||||
|
||||
*) In ssl23_get_client_hello, generate an error message when faced
|
||||
with an initial SSL 3.0/TLS record that is too small to contain the
|
||||
first two bytes of the ClientHello message, i.e. client_version.
|
||||
(Note that this is a pathologic case that probably has never happened
|
||||
in real life.) The previous approach was to use the version number
|
||||
from the record header as a subsitute; but our protocol choice
|
||||
should not depend on that one because it is not authenticated
|
||||
by the Finished messages.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
|
||||
not set then we don't setup the error code for issuer check errors
|
||||
to avoid possibly overwriting other errors which the callback does
|
||||
|
@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
|
||||
* SSLv3 or tls1 header
|
||||
*/
|
||||
|
||||
v[0]=p[1]; /* major version */
|
||||
v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
|
||||
/* We must look at client_version inside the Client Hello message
|
||||
* to get the correct minor version: */
|
||||
v[1]=p[10];
|
||||
/* However if we have only a pathologically small fragment of the
|
||||
* Client Hello message, we simply use the version from the
|
||||
* record header -- this is incorrect but unlikely to fail in
|
||||
* practice */
|
||||
* to get the correct minor version.
|
||||
* However if we have only a pathologically small fragment of the
|
||||
* Client Hello message, this would be difficult, we'd have
|
||||
* to read at least one additional record to find out.
|
||||
* This doesn't usually happen in real life, so we just complain
|
||||
* for now.
|
||||
*/
|
||||
if (p[3] == 0 && p[4] < 6)
|
||||
v[1]=p[2];
|
||||
{
|
||||
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
|
||||
goto err;
|
||||
}
|
||||
v[1]=p[10]; /* minor version according to client_version */
|
||||
if (v[1] >= TLS1_VERSION_MINOR)
|
||||
{
|
||||
if (!(s->options & SSL_OP_NO_TLSv1))
|
||||
|
@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
|
||||
#define SSL_R_READ_WRONG_PACKET_TYPE 212
|
||||
#define SSL_R_RECORD_LENGTH_MISMATCH 213
|
||||
#define SSL_R_RECORD_TOO_LARGE 214
|
||||
#define SSL_R_RECORD_TOO_SMALL 1093
|
||||
#define SSL_R_REQUIRED_CIPHER_MISSING 215
|
||||
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
|
||||
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
|
||||
|
@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
|
||||
{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
|
||||
{SSL_R_RECORD_TOO_LARGE ,"record too large"},
|
||||
{SSL_R_RECORD_TOO_SMALL ,"record too small"},
|
||||
{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
|
||||
{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
|
||||
{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
|
||||
|
Loading…
Reference in New Issue
Block a user