diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2014-10-28 23:07:58 +0100 |
|---|---|---|
| committer | Arne Schwabe <arne@rfc2549.org> | 2014-10-28 23:07:58 +0100 |
| commit | 192f5b50e32ed14945317325a5465f40abfcc587 (patch) | |
| tree | c58aa6ba75e3c0acaa4f9d91ab62efecf8d838bc /main/openssl/ssl/s3_lib.c | |
| parent | 22feeb602f32f1d58f4aa5168b5fc139e086e85d (diff) | |
Update Openssl to aosp/master (includes useless (for OpenVPN)) SSLv3 Fallback fix
--HG--
extra : rebase_source : 4ec3b7a7844aa1ca198c4538ecdf28f027ceb1b1
Diffstat (limited to 'main/openssl/ssl/s3_lib.c')
| -rw-r--r-- | main/openssl/ssl/s3_lib.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/main/openssl/ssl/s3_lib.c b/main/openssl/ssl/s3_lib.c index 896d1e19..dca9858d 100644 --- a/main/openssl/ssl/s3_lib.c +++ b/main/openssl/ssl/s3_lib.c @@ -3439,6 +3439,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 64; #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == SSLv23_method()->version) + { +#if TLS_MAX_VERSION != TLS1_2_VERSION +# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. +#endif + if (!(s->options & SSL_OP_NO_TLSv1_2)) + return s->version == TLS1_2_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1_1)) + return s->version == TLS1_1_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1)) + return s->version == TLS1_VERSION; + if (!(s->options & SSL_OP_NO_SSLv3)) + return s->version == SSL3_VERSION; + if (!(s->options & SSL_OP_NO_SSLv2)) + return s->version == SSL2_VERSION; + } + return 0; /* Unexpected state; fail closed. */ + default: break; } @@ -3816,6 +3843,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) break; #endif #endif + default: return(0); } @@ -4406,4 +4434,3 @@ long ssl_get_algorithm2(SSL *s) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; } - |