diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-03-12 11:37:58 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-03-12 11:39:27 +0100 |
commit | 90e377f3a58149cfa9bca884af70732683b170c7 (patch) | |
tree | 9cd456d784db2bbc6f5de002225e1add0e2b06ae | |
parent | a5b4a5258f03de2e66f8cf0d019be6353d69c4ad (diff) | |
download | gnutls-90e377f3a58149cfa9bca884af70732683b170c7.tar.gz |
corrected ssl3 record version sending in client hello.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 4 |
4 files changed, 6 insertions, 4 deletions
@@ -5,6 +5,8 @@ See the end for copying conditions. * Version 2.xx.y (unreleased) +** libgnutls: Corrected default behavior in record version of Client Hellos. + ** libgnutls-openssl: modified to use modern gnutls' functions. This introduces an ABI incompatibility with previous versions. diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 6e78a4da26..f427a0dd57 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2078,7 +2078,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) _gnutls_set_adv_version (session, hver); _gnutls_set_current_version (session, hver); - if (session->internals.priorities.no_ssl3_record_version != 0) + if (session->internals.priorities.ssl3_record_version != 0) { /* Advertize the SSL 3.0 record packet version in * record packets during the handshake. diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 19b6ed77ea..f41f7cf04a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -444,7 +444,7 @@ struct gnutls_priority_st int no_padding:1; int allow_large_records:1; safe_renegotiation_t sr; - int no_ssl3_record_version:1; + int ssl3_record_version:1; int additional_verify_flags; }; diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index dc0a4e41ec..b6c1fba2b5 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -732,10 +732,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, } else if (strcasecmp (&broken_list[i][1], "SSL3_RECORD_VERSION") == 0) - (*priority_cache)->no_ssl3_record_version = 0; + (*priority_cache)->ssl3_record_version = 1; else if (strcasecmp (&broken_list[i][1], "LATEST_RECORD_VERSION") == 0) - (*priority_cache)->no_ssl3_record_version = 1; + (*priority_cache)->ssl3_record_version = 0; else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_X509_V1_CA_CRT") == 0) (*priority_cache)->additional_verify_flags |= |