
List:       openssl-cvs
Subject:    [CVS] OpenSSL: OpenSSL_0_9_6-stable: openssl/ CHANGES openssl/ssl/ s3_...
From:       "Bodo Moeller" <bodo () openssl ! org>
Date:       2003-07-21 15:16:21

  OpenSSL CVS Repository
  http://cvs.openssl.org/
  ____________________________________________________________________________

  Server: cvs.openssl.org                  Name:   Bodo Moeller
  Root:   /e/openssl/cvs                   Email:  bodo@openssl.org
  Module: openssl                          Date:   21-Jul-2003 17:16:20
  Branch: OpenSSL_0_9_6-stable             Handle: 2003072116161802

  Modified files:           (Branch: OpenSSL_0_9_6-stable)
    openssl                 CHANGES
    openssl/ssl             s3_srvr.c

  Log:
    tolerate extra data at end of client hello for SSL 3.0

  Summary:
    Revision    Changes     Path
    1.618.2.201 +5  -0      openssl/CHANGES
    1.49.2.23   +4  -0      openssl/ssl/s3_srvr.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openssl/CHANGES
  ============================================================================
  $ cvs diff -u -r1.618.2.200 -r1.618.2.201 CHANGES
  --- openssl/CHANGES	21 Jul 2003 14:58:32 -0000	1.618.2.200
  +++ openssl/CHANGES	21 Jul 2003 15:16:18 -0000	1.618.2.201
  @@ -4,6 +4,11 @@
   
    Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]
   
  +  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
  +     extra data after the compression methods not only for TLS 1.0
  +     but also for SSL 3.0 (as required by the specification).
  +     [Bodo Moeller; problem pointed out by Matthias Loepfe]
  +
     *) Change X509_certificate_type() to mark the key as exported/exportable
        when it's 512 *bits* long, not 512 bytes.
        [Richard Levitte]
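Review bot: the new CHANGES entry reads "additional extra data", which is redundant, and it does not say which releases rejected such client hellos. The code comment added in ssl/s3_srvr.c names 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b; repeating that range in this entry would let operators tell from CHANGES alone whether their servers were affected.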
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/ssl/s3_srvr.c
  ============================================================================
  $ cvs diff -u -r1.49.2.22 -r1.49.2.23 s3_srvr.c
  --- openssl/ssl/s3_srvr.c	19 Mar 2003 19:20:30 -0000	1.49.2.22
  +++ openssl/ssl/s3_srvr.c	21 Jul 2003 15:16:20 -0000	1.49.2.23
  @@ -828,6 +828,9 @@
   		}
   
   	/* TLS does not mind if there is extra stuff */
  +#if 0   /* SSL 3.0 does not mind either, so we should disable this test
  +         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
  +         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
   	if (s->version == SSL3_VERSION)
   		{
   		if (p < (d+n))
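Review bot: the unchanged comment "/* TLS does not mind if there is extra stuff */" now sits directly above a block that is compiled out, so it no longer describes live code; reword it to say that neither SSL 3.0 nor TLS 1.0 rejects trailing data. Consider deleting the "if (s->version == SSL3_VERSION)" test outright instead of wrapping it in "#if 0", since the rationale is already recorded in CHANGES and the disabled branch leaves dead code in the handshake path. If the "#if 0" stays, put the explanatory comment on its own lines above the directive rather than starting it on the directive line.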
  @@ -839,6 +842,7 @@
   			goto f_err;
   			}
   		}
  +#endif
   
   	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
   	 * pick a cipher */
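Review bot: the added "#endif" is bare while its "#if 0" is in the previous hunk, out of sight when reading this part of ssl3_get_client_hello(). Mark it, for example as "#endif /* 0 */", so the extent of the disabled block is clear at the closing line.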
  @@ .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs@openssl.org
Automated List Manager                           majordomo@openssl.org