diff options
author | Matt Caswell <matt@openssl.org> | 2022-08-26 17:34:40 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-09-23 14:54:49 +0100 |
commit | 1d3676778c280ef05044c4c9e696a4f8096530ea (patch) | |
tree | be15477e46c3378a2c6b2c40db13f457e4af7d59 /ssl/s3_msg.c | |
parent | e7694c69b5fed37f5cdf72b70f507c7188db7e3d (diff) | |
download | openssl-new-1d3676778c280ef05044c4c9e696a4f8096530ea.tar.gz |
Move logic for figuring out the record version out of record layer
This calculation is based on lots of information from state machine and
elsewhere that the record layer cannot access. In reality it is sufficient
to simply tell the record layer what version to use.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Diffstat (limited to 'ssl/s3_msg.c')
-rw-r--r-- | ssl/s3_msg.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 01ff53bec0..64e23f3a9b 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -93,6 +93,14 @@ int ssl3_dispatch_alert(SSL *s) } templ.type = SSL3_RT_ALERT; + templ.version = (sc->version == TLS1_3_VERSION) ? TLS1_2_VERSION + : sc->version; + if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO + && !sc->renegotiate + && TLS1_get_version(s) > TLS1_VERSION + && sc->hello_retry_request == SSL_HRR_NONE) { + templ.version = TLS1_VERSION; + } templ.buf = &sc->s3.send_alert[0]; templ.buflen = 2; |