From 709e85ff7aac016d54db6ea4e81f77a9ba741d54 Mon Sep 17 00:00:00 2001
From: beck <beck@openbsd.org>
Date: Thu, 23 Jan 2020 07:30:55 +0000
Subject: Add checking int the client to check the magic values which are set
 by a 1.3 server when it downgrades to tls 1.2 or 1.1 as per RFC 8446 section
 4.1.3

ok jsing@
---
 lib/libssl/tls13_internal.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib/libssl/tls13_internal.h')

diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index 12ba5750a0d..f11d96f2ea2 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.48 2020/01/23 05:08:30 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.49 2020/01/23 07:30:55 beck Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -305,6 +305,9 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode,
 	tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
 	    (fmt), __VA_ARGS__)
 
+extern uint8_t tls13_downgrade_12[8];
+extern uint8_t tls13_downgrade_11[8];
+
 __END_HIDDEN_DECLS
 
 #endif
-- 
cgit v1.2.3-59-g8ed1b