PR: 1629

Submitted by: Kaspar Brand <ossl-rt@velox.ch> Approved by: steve@openssl.org Don't use extensions if using SSLv3: this chokes some broken servers.
2009-04-28 22:01:53 +00:00 · 2009-04-28 22:01:53 +00:00 · 18f8258a87
commit 18f8258a87
parent 376bbb5887
1 changed files with 8 additions and 0 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -275,6 +275,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;

+	/* don't add extensions for SSLv3 */
+	if (s->client_version == SSL3_VERSION)
+		return p;
+
 	ret+=2;

 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
@ -472,6 +476,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;

+	/* don't add extensions for SSLv3 */
+	if (s->version == SSL3_VERSION)
+		return p;
+	
 	ret+=2;
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */