feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)

Browse Source
This commit is contained in:
Sean Parkinson
2018-03-02 09:56:03 +10:00
parent 1b2e43478d
commit dee74e98dd
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/tls.c
View File

@@ -9008,7 +9008,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
InitSSL_Method(method, MakeTLSv1_1()); InitSSL_Method(method, MakeTLSv1_1());
#endif #endif
#endif #endif
#ifndef NO_OLD_TLS #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
method->downgrade = 1; method->downgrade = 1;
#endif #endif
} }
@@ -9132,7 +9132,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
#endif #endif
#endif #endif
#ifndef NO_OLD_TLS #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
method->downgrade = 1; method->downgrade = 1;
#endif #endif
method->side = WOLFSSL_SERVER_END; method->side = WOLFSSL_SERVER_END;

3
src/tls13.c
View File

@@ -3622,7 +3622,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) { if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
if (!ssl->options.downgrade) { if (!ssl->options.downgrade) {
WOLFSSL_MSG("Client trying to connect with lesser version"); WOLFSSL_MSG("Client trying to connect with lesser version than "
"TLS v1.3");
return VERSION_ERROR; return VERSION_ERROR;
} }
ssl->version.minor = pv.minor; ssl->version.minor = pv.minor;