Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and

SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
author: jsing <jsing@openbsd.org> 2014-05-30 14:01:11 +0000
committer: jsing <jsing@openbsd.org> 2014-05-30 14:01:11 +0000
commit: e27a4fbc59fc24c61dde4d346e8ef3d550365271 (patch)
tree: 74edb1578efc479481873499374fc09897f580d8 /lib/libssl/t1_lib.c
parent: SBus glue for qlw(4) for sparc. Untested. (diff)
download: wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.tar.xz
wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index b15465d5500..fa70f21f95a 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 	if (p >= limit)
 		return -1;
 	/* Skip past DTLS cookie */
-	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+	if (SSL_IS_DTLS(s)) {
 		i = *(p++);
 		p += i;
 		if (p >= limit)
@@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 	const EVP_MD *md;
 	CERT *c = s->cert;
 
-	/* Extension ignored for TLS versions below 1.2 */
-	if (TLS1_get_version(s) < TLS1_2_VERSION)
+	/* Extension ignored for inappropriate versions */
+	if (!SSL_USE_SIGALGS(s))
 		return 1;
+
 	/* Should never happen */
 	if (!c)
 		return 0;
author	jsing <jsing@openbsd.org>	2014-05-30 14:01:11 +0000
committer	jsing <jsing@openbsd.org>	2014-05-30 14:01:11 +0000
commit	e27a4fbc59fc24c61dde4d346e8ef3d550365271 (patch)
tree	74edb1578efc479481873499374fc09897f580d8 /lib/libssl/t1_lib.c
parent	SBus glue for qlw(4) for sparc. Untested. (diff)
download	wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.tar.xz wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.zip