wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 08455bc9b0 Tolerate DTLS alerts with an incorrect version number 
In the case of a protocol version alert being sent by a peer the record
version number may not be what we are expecting. In DTLS records with an
unexpected version number are silently discarded. This probably isn't
appropriate for alerts, so we tolerate a mismatch in the minor version
number.

This resolves an issue reported on openssl-users where an OpenSSL server
chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version
alert with a 1.2 record number. This was silently ignored by the server.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5018)
2018-01-09 22:00:53 +00:00
..
record Tolerate DTLS alerts with an incorrect version number 2018-01-09 22:00:53 +00:00
statem Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c More record layer conversions to use SSLfatal() 2017-12-08 16:42:02 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
packet_locl.h TLS1.3 Padding 2017-05-02 09:44:43 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Fix some formatting nits 2017-12-04 13:37:01 +00:00
s3_lib.c Alternate fix for ../test/recipes/80-test_ssl_old.t with no-ec 2017-12-27 16:37:22 +01:00
s3_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_asn1.c ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:21 +01:00
ssl_cert.c Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
ssl_cert_table.h Add RSA-PSS key certificate type. 2017-09-20 12:50:23 +01:00
ssl_ciph.c Stop using unimplemented cipher classes. 2018-01-06 15:14:57 +01:00
ssl_conf.c Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode 2017-12-14 15:06:37 +00:00
ssl_err.c Send supported_versions in an HRR 2017-12-14 15:06:37 +00:00
ssl_init.c In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() 2017-12-08 16:08:39 +01:00
ssl_lib.c Disable partial writes for early data 2017-12-28 17:32:41 +00:00
ssl_locl.h Fix minor 'the the' typos 2018-01-02 15:30:22 +00:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_sess.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
t1_lib.c Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
t1_trce.c Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
tls13_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
tls_srp.c Convert remaining functions in statem_clnt.c to use SSLfatal() 2017-12-04 13:31:48 +00:00