tls: Initialize SSL context tls_version in mbedtls_ssl_setup()

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2023-03-08 15:30:43 +01:00
parent 5af4c7f0e2
commit 8a12aeec93
3 changed files with 14 additions and 12 deletions


@ -1605,19 +1605,21 @@ struct mbedtls_ssl_context {
renego_max_records is < 0 */ renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
/** Server: Negotiated TLS protocol version. /**
* Client: Maximum TLS version to be negotiated, then negotiated TLS * Maximum TLS version to be negotiated, then negotiated TLS version.
* version.
* *
* It is initialized as the maximum TLS version to be negotiated in the * It is initialized as the configured maximum TLS version to be
* ClientHello writing preparation stage and used throughout the * negotiated by mbedtls_ssl_setup().
* ClientHello writing. For a fresh handshake not linked to any previous
* handshake, it is initialized to the configured maximum TLS version
* to be negotiated. When renegotiating or resuming a session, it is
* initialized to the previously negotiated TLS version.
* *
* Updated to the negotiated TLS version as soon as the ServerHello is * When renegotiating or resuming a session, it is overwritten in the
* received. * ClientHello writing preparation stage with the previously negotiated
* TLS version.
*
* On client side, updated to the TLS version selected by the server for
* the handshake when the ServerHello is received.
*
* On server side, updated to the TLS version the server selects for the
* handshake when the ClientHello is received.
*/ */
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
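Review bot: The new comment on `tls_version` names mbedtls_ssl_setup() as the only place where the field receives the configured maximum, and does not say what it holds when a context is reused for a fresh handshake. Since this commit also drops the assignment from the non-resumption branch of ssl_prepare_client_hello(), a client context reset after negotiating a lower version would presumably keep offering that lower version as its maximum unless the session-reset path re-initializes the field; that path is not visible on this page, so it needs confirming. If it does re-initialize, I would document it with a line such as `* It is reset to the configured maximum TLS version by mbedtls_ssl_session_reset().`; if it does not, the assignment belongs there as well. Separately, `negotiated by mbedtls_ssl_setup()` reads as if setup performs the negotiation; `It is initialized by mbedtls_ssl_setup() to the configured maximum TLS version to be negotiated.` avoids that.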


@ -769,7 +769,6 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
ssl->tls_version = session_negotiate->tls_version; ssl->tls_version = session_negotiate->tls_version;
ssl->handshake->min_tls_version = ssl->tls_version; ssl->handshake->min_tls_version = ssl->tls_version;
} else { } else {
ssl->tls_version = ssl->conf->max_tls_version;
ssl->handshake->min_tls_version = ssl->conf->min_tls_version; ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
} }
} }


@ -1393,6 +1393,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
if ((ret = ssl_conf_check(ssl)) != 0) { if ((ret = ssl_conf_check(ssl)) != 0) {
return ret; return ret;
} }
ssl->tls_version = ssl->conf->max_tls_version;
/* /*
* Prepare base structures * Prepare base structures