Move ssl_set_fallback() to work on conf
Initially thought it would be per-connection, but since max_version is in conf too, and you need to lower that for a fallback connection, the fallback flag should be in the same place
parent
6bf89d6ad9
commit
684b0592cb
4 changed files with 9 additions and 10 deletions
|
@ -931,6 +931,9 @@ typedef struct
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
unsigned int session_tickets : 1; /*!< use session tickets? */
|
unsigned int session_tickets : 1; /*!< use session tickets? */
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
unsigned int fallback : 1; /*!< is this a fallback? */
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
mbedtls_ssl_config;
|
mbedtls_ssl_config;
|
||||||
|
|
||||||
|
@ -956,10 +959,6 @@ struct mbedtls_ssl_context
|
||||||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
char fallback; /*!< flag for fallback connections */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Callbacks
|
* Callbacks
|
||||||
*/
|
*/
|
||||||
|
@ -1820,10 +1819,10 @@ int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor
|
||||||
* while, then cause failures when the server is upgraded to
|
* while, then cause failures when the server is upgraded to
|
||||||
* support a newer TLS version.
|
* support a newer TLS version.
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param conf SSL configuration
|
||||||
* \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
|
* \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback );
|
void mbedtls_ssl_set_fallback( mbedtls_ssl_config *conf, char fallback );
|
||||||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
|
|
|
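Review bot: The doc comment above `mbedtls_ssl_set_fallback()` only renames the parameter to `conf`; it does not say that the flag now applies to every `mbedtls_ssl_context` bound to that configuration. With the new `fallback` bit in `mbedtls_ssl_config`, a configuration left in fallback mode keeps adding FALLBACK_SCSV to later ClientHellos, and a retry that lowers the maximum version without also setting the flag on the same configuration loses the downgrade signal. I would add to the comment: `\note This applies to all connections using this configuration; set it together with the lowered maximum version and reset both before a normal connection attempt.` Since the first parameter type changes, existing callers that pass a context need updating, which also deserves a ChangeLog line. The comment block starts above the hunk.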
@ -733,7 +733,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Some versions of OpenSSL don't handle it correctly if not at end */
|
/* Some versions of OpenSSL don't handle it correctly if not at end */
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||||
if( ssl->fallback == MBEDTLS_SSL_IS_FALLBACK )
|
if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
|
||||||
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
|
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
|
||||||
|
|
|
@ -5569,9 +5569,9 @@ int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback )
|
void mbedtls_ssl_set_fallback( mbedtls_ssl_config *conf, char fallback )
|
||||||
{
|
{
|
||||||
ssl->fallback = fallback;
|
conf->fallback = fallback;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
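Review bot: `conf->fallback = fallback;` stores a `char` into a field the header hunk declares as `unsigned int fallback : 1`, so only the low bit of the argument is kept. A caller passing anything other than the two documented constants gets a silently altered setting; an even non-zero value is stored as 0 and no FALLBACK_SCSV is sent on the downgraded retry. I would normalise in the setter with `conf->fallback = ( fallback == MBEDTLS_SSL_IS_FALLBACK );`, which presumes that constant is 1, as the one-bit field already requires.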
@ -1207,7 +1207,7 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||||
if( opt.fallback != DFL_FALLBACK )
|
if( opt.fallback != DFL_FALLBACK )
|
||||||
mbedtls_ssl_set_fallback( &ssl, opt.fallback );
|
mbedtls_ssl_set_fallback( &conf, opt.fallback );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|