List: openssl-cvs
Subject: [CVS] OpenSSL: OpenSSL_0_9_6-stable: openssl/ CHANGES openssl/ssl/ s3_...
From: "Bodo Moeller" <bodo () openssl ! org>
Date: 2003-07-21 15:16:21
OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________
Server: cvs.openssl.org Name: Bodo Moeller
Root: /e/openssl/cvs Email: bodo@openssl.org
Module: openssl Date: 21-Jul-2003 17:16:20
Branch: OpenSSL_0_9_6-stable Handle: 2003072116161802
Modified files: (Branch: OpenSSL_0_9_6-stable)
openssl CHANGES
openssl/ssl s3_srvr.c
Log:
tolerate extra data at end of client hello for SSL 3.0
Summary:
Revision Changes Path
1.618.2.201 +5 -0 openssl/CHANGES
1.49.2.23 +4 -0 openssl/ssl/s3_srvr.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openssl/CHANGES
============================================================================
$ cvs diff -u -r1.618.2.200 -r1.618.2.201 CHANGES
--- openssl/CHANGES 21 Jul 2003 14:58:32 -0000 1.618.2.200
+++ openssl/CHANGES 21 Jul 2003 15:16:18 -0000 1.618.2.201
@@ -4,6 +4,11 @@
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
+ *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+ extra data after the compression methods not only for TLS 1.0
+ but also for SSL 3.0 (as required by the specification).
+ [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
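Review bot: The new CHANGES entry says "additional extra data", which is redundant; "tolerate extra data after the compression methods" reads more cleanly. The entry would also be more useful to people tracking interoperability failures if it named the releases in which the check was active, as the comment added in ssl/s3_srvr.c does (0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b).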
@@ .
patch -p0 <<'@@ .'
Index: openssl/ssl/s3_srvr.c
============================================================================
$ cvs diff -u -r1.49.2.22 -r1.49.2.23 s3_srvr.c
--- openssl/ssl/s3_srvr.c 19 Mar 2003 19:20:30 -0000 1.49.2.22
+++ openssl/ssl/s3_srvr.c 21 Jul 2003 15:16:20 -0000 1.49.2.23
@@ -828,6 +828,9 @@
}
/* TLS does not mind if there is extra stuff */
+#if 0 /* SSL 3.0 does not mind either, so we should disable this test
+ * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+ * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
if (s->version == SSL3_VERSION)
{
if (p < (d+n))
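Review bot: The explanatory comment is opened on the `#if 0` line itself and sits directly below the older comment "TLS does not mind if there is extra stuff", so the two now read as separate statements about a block that is never compiled. Put a single comment above the directive stating that both TLS 1.0 and SSL 3.0 permit trailing data in the client hello, and keep the release history there. Since the `if (s->version == SSL3_VERSION)` test is no longer built, it is also worth saying in that comment that any bytes between `p` and `d+n` are deliberately ignored from this point on, so a later reader does not mistake the missing length check for an oversight.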
@@ -839,6 +842,7 @@
goto f_err;
}
}
+#endif
/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
* pick a cipher */
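Review bot: The `#endif` added here is bare and closes a `#if 0` opened in the previous hunk, more than ten lines earlier, with a `goto f_err` path in between that is now dead code. Either delete the disabled block outright (the revision history already preserves it) or mark the directive, for example `#endif /* 0 */`, so the extent of the compiled-out region is obvious when reading the function.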
@@ .
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org