# define SSL_CONNECTION_IS_DTLS(s) \
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+/* Check if an SSL structure is using DTLS */
+# define SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s) \
+ ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 \
+ && !SSL_CONNECTION_IS_DTLS(s))
+
/* Check if we are using DTLSv1.3 */
# define SSL_CONNECTION_IS_DTLS13(s) (SSL_CONNECTION_IS_DTLS(s) \
&& DTLS_VERSION_GE(SSL_CONNECTION_GET_SSL(s)->method->version, DTLS1_3_VERSION) \
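Review bot: The comment added on the line above the new macro, `/* Check if an SSL structure is using DTLS */`, describes the neighbouring SSL_CONNECTION_IS_DTLS macro, not SSL_CONNECTION_MIDDLEBOX_IS_ENABLED, so it reads as a copy-paste slip; something like `/* Middlebox compatibility mode applies to TLS only: the option is ignored on DTLS connections, which never send the compatibility CCS */` would state what the macro actually decides. The body also uses the argument bare in `s->options`, whereas the sibling macros here only pass `s` on to other macros; `((s)->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0` keeps the usual parenthesised-argument discipline and matches how the surrounding definitions are written. The SSL_CONNECTION_IS_DTLS13 definition that follows continues outside the hunk.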
if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
|| s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
- else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ else if (SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)
&& s->hello_retry_request == SSL_HRR_NONE)
st->hand_state = TLS_ST_CW_CHANGE;
else if (s->s3.tmp.cert_req == 0)
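Review bot: This site and the nine that follow (the remaining hunks in statem_clnt.c and statem_srvr.c) replace the direct SSL_OP_ENABLE_MIDDLEBOX_COMPAT test with the new macro, which quietly makes the option a no-op for every DTLS connection, including ones where the application has set it deliberately; unless the documentation of SSL_OP_ENABLE_MIDDLEBOX_COMPAT is updated in another part of this change, the man page should say the flag has no effect on DTLS. A one-line comment at this first call site, e.g. `/* No compatibility CCS on DTLS: the macro folds in the DTLS check */`, would save the next reader from wondering why the write transition differs from the option value. The hunks here only change which states the writer visits; whether the read side still tolerates an unexpected CCS from a DTLS peer that does send one is outside these hunks and worth confirming. The enclosing switch in the write-transition function starts and ends outside the hunk.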
* We are assuming this is a (D)TLSv1.3 connection, although we haven't
* actually selected a version yet.
*/
- if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+ if (SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s))
st->hand_state = TLS_ST_CW_CHANGE;
else
st->hand_state = TLS_ST_EARLY_DATA;
* CCS unless middlebox compat mode is off, or we already issued one
* because we did early data.
*/
- if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ if (SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
st->hand_state = TLS_ST_CW_CHANGE;
else
* cipher state function associated with the SSL_METHOD. Instead
* we call tls13_change_cipher_state() directly.
*/
- if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {
+ if (!SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)) {
if (!tls13_change_cipher_state(s,
SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
/* SSLfatal() already called */
|| s->session->ssl_version == TLS1_3_VERSION
|| s->session->ssl_version == DTLS1_3_VERSION) {
if (s->version == TLS1_3_VERSION
- && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
+ && SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)) {
sess_id_len = sizeof(s->tmp_session_id);
s->tmp_session_id_len = sess_id_len;
session_id = s->tmp_session_id;
* compat this doesn't cause a problem.
*/
if (s->early_data_state == SSL_EARLY_DATA_NONE
- && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
+ && !SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)
&& !ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
/* SSLfatal() already called */
if (SSL_CONNECTION_IS_VERSION13(s)
&& SSL_IS_FIRST_HANDSHAKE(s)
&& (s->early_data_state != SSL_EARLY_DATA_NONE
- || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+ || SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s))
&& (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
/*
return WRITE_TRAN_CONTINUE;
case TLS_ST_SW_SRVR_HELLO:
- if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ if (SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)
&& s->hello_retry_request != SSL_HRR_COMPLETE)
st->hand_state = TLS_ST_SW_CHANGE;
else if (s->hello_retry_request == SSL_HRR_PENDING)
case TLS_ST_SW_SRVR_HELLO:
if (SSL_CONNECTION_IS_VERSION13(s)
&& s->hello_retry_request == SSL_HRR_PENDING) {
- if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
+ if (!SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)
&& statem_flush(s) != 1)
return WORK_MORE_A;
break;
}
#endif
if (!SSL_CONNECTION_IS_VERSION13(s)
- || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ || (SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(s)
&& s->hello_retry_request != SSL_HRR_COMPLETE))
break;
/* Fall through */