Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)

Sean Parkinson
2018-03-02 09:56:03 +10:00
parent 1b2e43478d
commit dee74e98dd
2 changed files with 4 additions and 3 deletions


@@ -9008,7 +9008,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
InitSSL_Method(method, MakeTLSv1_1());
#endif
#endif
#ifndef NO_OLD_TLS
#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
method->downgrade = 1;
#endif
}
@@ -9132,7 +9132,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
#endif
#endif
#ifndef NO_OLD_TLS
#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
method->downgrade = 1;
#endif
method->side = WOLFSSL_SERVER_END;
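Review bot: The new guard `#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)` around `method->downgrade = 1;` carries no comment at either site (this hunk and the one at -9008) explaining why a build that defines NO_OLD_TLS still turns downgrade on, and the macro names alone do not make that obvious. I would add above each guard something like `/* TLS 1.3 builds must be able to negotiate down to TLS 1.2 even when NO_OLD_TLS removes the older versions */`. Because the flag is now set in more build configurations, it is worth confirming that the lowest protocol version a peer may negotiate is enforced elsewhere; that check is not visible in these hunks. The same condition is duplicated verbatim in both places, so a single named macro would keep them from drifting apart. The enclosing functions start and end outside both hunks.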


@@ -3622,7 +3622,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
if (!ssl->options.downgrade) {
WOLFSSL_MSG("Client trying to connect with lesser version");
WOLFSSL_MSG("Client trying to connect with lesser version than "
"TLS v1.3");
return VERSION_ERROR;
}
ssl->version.minor = pv.minor;