From 970acf874db22f09b7e42996a54559867b6102e2 Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 25 Feb 2021 17:06:05 +0000 Subject: Only use TLS versions internally (rather than both TLS and DTLS versions). DTLS protocol version numbers are the 1's compliment of human readable TLS version numbers, which means that newer versions decrease in value and there is no direct mapping between TLS protocol version numbers and DTLS protocol version numbers. Rather than having to deal with this internally, only use TLS versions internally and map between DTLS and TLS protocol versions when necessary. Rename functions and variables to use 'tls_version' when they contain a TLS version (and never a DTLS version). ok tb@
---
lib/libssl/ssl_packet.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib/libssl/ssl_packet.c')
diff --git a/lib/libssl/ssl_packet.c b/lib/libssl/ssl_packet.c
index fc1c3c07de7..b383fe83e9b 100644
--- a/lib/libssl/ssl_packet.c
+++ b/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_packet.c,v 1.9 2020/10/14 16:57:33 jsing Exp $ */
+/* $OpenBSD: ssl_packet.c,v 1.10 2021/02/25 17:06:05 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 *
@@ -247,12 +247,13 @@ ssl_server_legacy_first_packet(SSL *s)
 return 1;
 /* Only continue if this is not a version locked method. */
- if (s->method->internal->min_version == s->method->internal->max_version)
+ if (s->method->internal->min_tls_version ==
+ s->method->internal->max_tls_version)
 return 1;
 if (ssl_is_sslv2_client_hello(&header) == 1) {
 /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
- if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {
+ if (ssl_enabled_tls_version_range(s, &min_version, NULL) != 1) {
 SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
 return -1;
 }
-- cgit v1.2.3-59-g8ed1b
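Review bot: The local `min_version` passed to `ssl_enabled_tls_version_range()` in the second hunk keeps its old name, although the commit message says variables that hold a TLS version are renamed to use 'tls_version'. Renaming it to `min_tls_version` would make it plain at the SSLv2 client hello gate that the value is never a DTLS version; its declaration and any later comparison on it are outside the hunk, so this is inferred from the call alone. If the name stays, a one-line comment above the call such as `/* min_version is always a TLS version here, never a DTLS version. */` would record the invariant. ssl_server_legacy_first_packet's body starts and ends outside the hunk.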