Skip to content

Commit 6ce9687

Browse files
committed
Keep old method in case of an unsupported protocol
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set the method to NULL. We didn't used to do that, and it breaks things. This is a regression introduced in 62f45cc. Keep the old method since the code is not able to deal with a NULL method at this time. CVE-2014-3569, PR#3571 Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 392fa7a)
1 parent 20e6105 commit 6ce9687

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

Diff for: ssl/s23_srvr.c

+4-2
Original file line numberDiff line numberDiff line change
@@ -602,12 +602,14 @@ int ssl23_get_client_hello(SSL *s)
602602
if ((type == 2) || (type == 3))
603603
{
604604
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
605-
s->method = ssl23_get_server_method(s->version);
606-
if (s->method == NULL)
605+
const SSL_METHOD *new_method;
606+
new_method = ssl23_get_server_method(s->version);
607+
if (new_method == NULL)
607608
{
608609
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
609610
goto err;
610611
}
612+
s->method = new_method;
611613

612614
if (!ssl_init_wbio_buffer(s,1)) goto err;
613615

0 commit comments

Comments
 (0)