diff options
| author | Rémi Verschelde <rverschelde@gmail.com> | 2018-01-13 13:39:08 +0100 |
|---|---|---|
| committer | Rémi Verschelde <rverschelde@gmail.com> | 2018-01-13 13:39:08 +0100 |
| commit | 00abb1f201cbe1e40c2eef30819be115d3d04d10 (patch) | |
| tree | 7eb36871dd7af02db7d2f59482644a56bc79d7bb /thirdparty/openssl/ssl/s23_clnt.c | |
| parent | de0b31edd5b36b8c8016b7ca50c1823f2efbfa74 (diff) | |
| download | redot-engine-00abb1f201cbe1e40c2eef30819be115d3d04d10.tar.gz | |
openssl: Update to pristine 1.0.2n (security update)
Diffstat (limited to 'thirdparty/openssl/ssl/s23_clnt.c')
| -rw-r--r-- | thirdparty/openssl/ssl/s23_clnt.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/thirdparty/openssl/ssl/s23_clnt.c b/thirdparty/openssl/ssl/s23_clnt.c index b80d1fd8ce..add8c9916c 100644 --- a/thirdparty/openssl/ssl/s23_clnt.c +++ b/thirdparty/openssl/ssl/s23_clnt.c @@ -735,7 +735,37 @@ static int ssl23_get_server_hello(SSL *s) s->version = TLS1_2_VERSION; s->method = TLSv1_2_client_method(); } else { + /* + * Unrecognised version, we'll send a protocol version alert using + * our preferred version. + */ + switch(s->client_version) { + default: + /* + * Shouldn't happen + * Fall through + */ + case TLS1_2_VERSION: + s->version = TLS1_2_VERSION; + s->method = TLSv1_2_client_method(); + break; + case TLS1_1_VERSION: + s->version = TLS1_1_VERSION; + s->method = TLSv1_1_client_method(); + break; + case TLS1_VERSION: + s->version = TLS1_VERSION; + s->method = TLSv1_client_method(); + break; +#ifndef OPENSSL_NO_SSL3 + case SSL3_VERSION: + s->version = SSL3_VERSION; + s->method = SSLv3_client_method(); + break; +#endif + } SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION); goto err; } |