diff options
| author | Bodo Möller <bodo@openssl.org> | 2003-07-21 15:17:46 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2003-07-21 15:17:46 +0000 |
| commit | ddc38679cedcd154eb18187b8c384b1a05f61fc6 (patch) | |
| tree | 48d97c40ed920f7ee3c5af850fbb85337a0333ee | |
| parent | 02e0559477977f09279a7781817dc6f5c90f54c1 (diff) | |
| download | openssl-ddc38679cedcd154eb18187b8c384b1a05f61fc6.tar.gz | |
tolerate extra data at end of client hello for SSL 3.0
PR: 659
| -rw-r--r-- | CHANGES | 17 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 4 |
2 files changed, 21 insertions, 0 deletions
@@ -537,6 +537,15 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + *) Change AES_cbc_encrypt() so it outputs exact multiple of blocks during encryption. [Richard Levitte] @@ -671,6 +680,9 @@ yet to be integrated into this CVS branch: Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after + OpenSSL 0.9.7.] + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last octet was ignored consequently. As a result SSLv2 client side session @@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + *) Change X509_certificate_type() to mark the key as exported/exportable when it's 512 *bits* long, not 512 bytes. [Richard Levitte] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e941068416..c2ac8cb2fc 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s) } /* TLS does not mind if there is extra stuff */ +#if 0 /* SSL 3.0 does not mind either, so we should disable this test + * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, + * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ if (s->version == SSL3_VERSION) { if (p < (d+n)) @@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s) goto f_err; } } +#endif /* Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ |