summaryrefslogtreecommitdiff
path: root/lib/libssl/s23_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/s23_clnt.c')
-rw-r--r--lib/libssl/s23_clnt.c63
1 files changed, 23 insertions, 40 deletions
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index 86356731ea6..c45a8e0a04c 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver)
return(NULL);
}
-SSL_METHOD *SSLv23_client_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv23_client_data;
-
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
- if (init)
- {
- memcpy((char *)&SSLv23_client_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_client_data.ssl_connect=ssl23_connect;
- SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv23_client_data);
- }
+IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
+ ssl_undefined_function,
+ ssl23_connect,
+ ssl23_get_client_method)
int ssl23_connect(SSL *s)
{
@@ -241,6 +223,17 @@ static int ssl23_client_hello(SSL *s)
{
version = SSL2_VERSION;
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (version != SSL2_VERSION)
+ {
+ /* have to disable SSL 2.0 compatibility if we need TLS extensions */
+
+ if (s->tlsext_hostname != NULL)
+ ssl2_compat = 0;
+ if (s->tlsext_status_type != -1)
+ ssl2_compat = 0;
+ }
+#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -254,7 +247,7 @@ static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
return -1;
@@ -264,14 +257,6 @@ static int ssl23_client_hello(SSL *s)
version_major = TLS1_VERSION_MAJOR;
version_minor = TLS1_VERSION_MINOR;
}
-#ifdef OPENSSL_FIPS
- else if(FIPS_mode())
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- return -1;
- }
-#endif
else if (version == SSL3_VERSION)
{
version_major = SSL3_VERSION_MAJOR;
@@ -386,6 +371,13 @@ static int ssl23_client_hello(SSL *s)
*(p++)=comp->id;
}
*(p++)=0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
l = p-d;
*p = 42;
@@ -544,14 +536,6 @@ static int ssl23_get_server_hello(SSL *s)
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
-#ifdef OPENSSL_FIPS
- if(FIPS_mode())
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- goto err;
- }
-#endif
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}
@@ -608,7 +592,6 @@ static int ssl23_get_server_hello(SSL *s)
if (!ssl_get_new_session(s,0))
goto err;
- s->first_packet=1;
return(SSL_connect(s));
err:
return(-1);