Implement FALLBACK_SCSV client-side
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 27abb3e..50ab05f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -596,6 +596,17 @@
*p++ = (unsigned char)( ciphersuites[i] );
}
+ /* Some versions of OpenSSL don't handle it correctly if not at end */
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+ if( ssl->fallback == SSL_IS_FALLBACK )
+ {
+ SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
+ *p++ = (unsigned char)( SSL_FALLBACK_SCSV >> 8 );
+ *p++ = (unsigned char)( SSL_FALLBACK_SCSV );
+ n++;
+ }
+#endif
+
*q++ = (unsigned char)( n >> 7 );
*q++ = (unsigned char)( n << 1 );
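Review bot: The SCSV is appended at `if( ssl->fallback == SSL_IS_FALLBACK )` whenever the application has set the flag, and nothing visible in this hunk ties that to the offered maximum version being lower than the highest one this build supports. RFC 7507 intends the value to be sent only on a downgraded retry; sent on a full-version attempt, it can make a server that supports a newer version abort the handshake with inappropriate_fallback. If that condition is deliberately left to the caller, say so next to the block, e.g. `/* Caller sets fallback only when max version was lowered for a retry */`. The existing comment would also be clearer inside the `#if`, naming the value it refers to rather than "it". The enclosing function starts and ends outside the hunk.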
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5f080de..bd4494f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3977,6 +3977,13 @@
}
}
+#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
+void ssl_set_fallback( ssl_context *ssl, char fallback )
+{
+ ssl->fallback = fallback;
+}
+#endif
+
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{
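Review bot: `ssl_set_fallback` stores any `char` into `ssl->fallback` unchecked, so a value other than the defined constants is silently treated as "not a fallback" by the `== SSL_IS_FALLBACK` test in ssl_cli.c and the downgrade signal is dropped without any error. The setter also has no comment stating its contract. I would add one above it, such as `/* fallback must be SSL_IS_FALLBACK only for a retry with a lowered max version; clear it before any full-version attempt */`. Whether the flag is cleared when a context is reset or reused is not visible here and is worth confirming, since a stale flag would carry over to the next handshake.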