Commit f2ad3582
Authored on Apr 25, 2012
Author: Andy Polyakov
s23_clnt.c: ensure interoperability by maintaining client "version capability"
vector contiguous. PR: 2802
Parent: 09e4e4b9
Showing 2 changed files with 47 additions and 18 deletions.
CHANGES: +11 -1
ssl/s23_clnt.c: +36 -17
CHANGES
...
...
@@ -288,7 +288,17 @@
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
whose return value is often ignored.
[Steve Henson]
Changes between 1.0.1a and 1.0.1b [xx XXX xxxx]
*) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
disable just protocol X, but all protocols above X *if* there are
protocols *below* X still enabled. In more practical terms it means
that if application wants to disable TLS1.0 in favor of TLS1.1 and
above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
[Andy Polyakov]
Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
...
...
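Review bot: The new 1.0.1b entry should spell out the practical result for callers and fix the typo "interoperabilty". As written, an application that passes only SSL_OP_NO_TLSv1 to move off TLS 1.0 gets the opposite of what it asked for: by the rule stated here, TLS 1.1 and above are disabled as well while SSLv3 or SSLv2 stays enabled, so the client ends up offering a lower maximum version. Suggest adding one sentence that names that outcome explicitly, and noting that the rule applies to the version-flexible client path, since the only code file touched in this commit is ssl/s23_clnt.c.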
ssl/s23_clnt.c
...
...
@@ -282,32 +282,51 @@ static int ssl23_client_hello(SSL *s)
SSL_COMP
*
comp
;
#endif
int
ret
;
unsigned
long
mask
,
options
=
s
->
options
;
ssl2_compat
=
(
s
->
options
&
SSL_OP_NO_SSLv2
)
?
0
:
1
;
ssl2_compat
=
(
options
&
SSL_OP_NO_SSLv2
)
?
0
:
1
;
if
(
ssl2_compat
&&
ssl23_no_ssl2_ciphers
(
s
))
ssl2_compat
=
0
;
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1_2
))
{
version
=
TLS1_2_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1_1
))
{
/*
* SSL_OP_NO_X disables all protocols above X *if* there are
* some protocols below X enabled. This is required in order
* to maintain "version capability" vector contiguous. So
* that if application wants to disable TLS1.0 in favour of
* TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
* answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
*/
mask
=
SSL_OP_NO_TLSv1_1
|
SSL_OP_NO_TLSv1
#if !defined(OPENSSL_NO_SSL3)
|
SSL_OP_NO_SSLv3
#endif
#if !defined(OPENSSL_NO_SSL2)
|
(
ssl2_compat
?
SSL_OP_NO_SSLv2
:
0
)
#endif
;
#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
version
=
TLS1_2_VERSION
;
if
((
options
&
SSL_OP_NO_TLSv1_2
)
&&
(
options
&
mask
)
!=
mask
)
version
=
TLS1_1_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
{
#else
version
=
TLS1_1_VERSION
;
#endif
mask
&=
~
SSL_OP_NO_TLSv1_1
;
if
((
options
&
SSL_OP_NO_TLSv1_1
)
&&
(
options
&
mask
)
!=
mask
)
version
=
TLS1_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_SSLv3
)
)
{
mask
&=
~
SSL_OP_NO_TLSv1
;
#if !defined(OPENSSL_NO_SSL3
)
if
((
options
&
SSL_OP_NO_TLSv1
)
&&
(
options
&
mask
)
!=
mask
)
version
=
SSL3_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_SSLv2
))
{
mask
&=
~
SSL_OP_NO_SSLv3
;
#endif
#if !defined(OPENSSL_NO_SSL2)
if
((
options
&
SSL_OP_NO_SSLv3
)
&&
(
options
&
mask
)
!=
mask
)
version
=
SSL2_VERSION
;
}
#endif
#ifndef OPENSSL_NO_TLSEXT
if
(
version
!=
SSL2_VERSION
)
{
...
...
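Review bot: The mask cascade in ssl23_client_hello has no case for a configuration that disables every protocol. If options carries SSL_OP_NO_TLSv1_2 together with every flag in mask, each "(options & mask) != mask" test in the visible lines is false, so version keeps its initial value (TLS1_2_VERSION, or TLS1_1_VERSION under OPENSSL_NO_TLS1_2_CLIENT) even though that protocol was disabled. Unless code outside this hunk rejects that configuration, an explicit check that returns an error here would make it fail closed. Also, the block comment above the mask initialisation says "TLS1>=1" and "SSL_NO_TLSv1", while the CHANGES entry in this same commit says "TLS1.1 and above" and SSL_OP_NO_TLSv1; the comment should use the real option name so that a search for it lands here.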