Bodo Moeller wrote:
>
> Dan Kegel <[EMAIL PROTECTED]>:
>
> > I just realized I have to accept either SSLV2 or SSLV3 (or TLS)
> > connections, so I switched from SSLv3_server_method() to
> > SSLv23_server_method(). But oops, that doesn't support SSL_peek()!
> > What to do?
>
> Use SSL_accept first. It will change the SSL object's method
> during the handshake.

Like this? Or are there unpleasant consequences to this
(e.g. does SSL_accept block, or something silly like that)?
This does seem to work in my one little test.

--- ssl/s23_srvr.c.orig Wed Mar 7 09:58:57 2001
+++ ssl/s23_srvr.c Wed Mar 7 12:54:02 2001
@@ -63,6 +63,7 @@
#include <openssl/evp.h>
#include "ssl_locl.h"
+static int ssl23_srvr_peek(SSL *s, char *buf, int len);
static SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
static SSL_METHOD *ssl23_get_server_method(int ver)
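Review bot: The forward declaration added here is `static`, but the definition at the end of the patch is written as plain `int ssl23_srvr_peek(SSL *s, char *buf, int len)`. The earlier static declaration still gives the function internal linkage, so this compiles, but the definition should repeat `static` so that someone reading the function body alone does not take it for an exported symbol.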
@@ -90,6 +91,7 @@
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_server_data.ssl_accept=ssl23_accept;
SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+ SSLv23_server_data.ssl_peek=ssl23_srvr_peek;
init=0;
}
return(&SSLv23_server_data);
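Review bot: The `SSLv23_server_data.ssl_peek=ssl23_srvr_peek;` assignment needs a comment saying that this slot is only meant to be reached before the handshake has picked a protocol version, since the function it points to runs `ssl23_accept` itself. Without that, the line reads like an ordinary peek implementation sitting next to `ssl_accept` and `get_ssl_method`, and the implicit handshake inside a peek call is easy to miss.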
@@ -573,4 +575,19 @@
err:
if (buf != buf_space) OPENSSL_free(buf);
return(-1);
+ }
+
+/* Only used until ssl23_accept finishes */
+int ssl23_srvr_peek(SSL *s, char *buf, int len)
+ {
+ int ret;
+
+ /* can't call peek until accept decides whether it's v2 or v3 */
+ ret=ssl23_accept(s);
+ if (ret > 0)
+ {
+ /* don't know whether it's v2 or v3, so use the polymorphic call */
+ ret=SSL_peek(s, buf, len);
+ }
+ return(ret);
}
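Review bot: The `ret=SSL_peek(s, buf, len);` call relies on `ssl23_accept` having replaced the SSL object's method whenever it returns a positive value; if the method is still the SSLv23 server method at that point, the polymorphic call dispatches straight back into `ssl23_srvr_peek`. A defensive check before the call, returning an error if the method has not changed, would turn that case into a clean failure instead of re-entry. Separately, when `ssl23_accept` returns zero or a negative value, that handshake result is handed back as the peek result; the comment above the function should say so, so that callers know a non-positive return here can mean the handshake failed or did not complete rather than a failed read, which also bears on the blocking question asked above the patch.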
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]