TLS: Fix record layer protocol version validation

TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
protocol version in record later. As such, accept any {03,xx} value
to remain compatible with existing implementations and new protocol
versions.
This commit is contained in:
Jouni Malinen 2011-09-25 16:48:06 +03:00
parent 54b8f99454
commit 61f1ed911d

View file

@ -1,6 +1,6 @@
/*
* TLSv1 Record Protocol
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@ -275,9 +275,14 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
return -1;
}
if (WPA_GET_BE16(in_data + 1) != TLS_VERSION) {
/*
* TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
* protocol version in record layer. As such, accept any {03,xx} value
* to remain compatible with existing implementations.
*/
if (in_data[1] != 0x03) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version "
"%d.%d", in_data[1], in_data[2]);
"%u.%u", in_data[1], in_data[2]);
*alert = TLS_ALERT_PROTOCOL_VERSION;
return -1;
}