author | Matt Caswell <matt@openssl.org> | 2022-06-08 14:52:44 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-08-18 16:38:13 +0100 |
commit | 222cf410d5e7bdd58dd50a0a3f1f0805707808ef (patch) | |
tree | 5505e71a7ee046d082b17de744d4af59c61d09e9 /ssl/statem/statem_lib.c | |
parent | eddb067e2ce82bc2ea104b3ab5286fe334c0525d (diff) |
Remove reliance on the SSL object from the DTLS read record layer code
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index d1614a56d8..6651c26935 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2196,9 +2196,21 @@ int ssl_set_client_hello_version(SSL_CONNECTION *s)
 s->version = ver_max;
- /* TLS1.3 always uses TLS1.2 in the legacy_version field */
- if (!SSL_CONNECTION_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
+ if (SSL_CONNECTION_IS_DTLS(s)) {
+ if (ver_max == DTLS1_BAD_VER) {
+ /*
+ * Even though this is technically before version negotiation,
+ * because we have asked for DTLS1_BAD_VER we will never negotiate
+ * anything else, and this has impacts on the record layer for when
+ * we read the ServerHello. So we need to tell the record layer
+ * about this immediately.
+ */
+ s->rrlmethod->set_protocol_version(s->rrl, ver_max);
+ }
+ } else if (ver_max > TLS1_2_VERSION) {
+ /* TLS1.3 always uses TLS1.2 in the legacy_version field */
 ver_max = TLS1_2_VERSION;
+ }
 s->client_version = ver_max;
 return 0;
|
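Review bot: The new call `s->rrlmethod->set_protocol_version(s->rrl, ver_max);` in the `DTLS1_BAD_VER` branch discards the method's result and dereferences `s->rrlmethod` without a check, so a read record layer that fails to take the version would go unnoticed and execution would still reach `return 0;`. The method's prototype is not visible in this hunk; if it reports status, the result should be tested and the failure propagated, for example `if (!s->rrlmethod->set_protocol_version(s->rrl, ver_max)) return ERR_R_INTERNAL_ERROR;`, assuming a non-zero return signals an error to the caller here. A silent mismatch matters because the ServerHello would then be parsed under a different record version than the one advertised. It would also help to add a short comment or assertion stating that `s->rrl` and `s->rrlmethod` are always set before the ClientHello is built. The start and end of `ssl_set_client_hello_version` lie outside the hunk, so that guarantee may already exist elsewhere.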