Fix from stable branch.
This commit is contained in:
parent
83ed49149c
commit
5cda6c4582
2 changed files with 20 additions and 2 deletions
12
CHANGES
12
CHANGES
|
@ -224,7 +224,17 @@
|
|||
*) Add print and set support for Issuing Distribution Point CRL extension.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
|
||||
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
|
||||
|
||||
*) Disable the padding bug check when compression is in use. The padding
|
||||
bug check assumes the first packet is of even length, this is not
|
||||
necessarily true if compresssion is enabled and can result in false
|
||||
positives causing handshake failure. The actual bug test is ancient
|
||||
code so it is hoped that implementations will either have fixed it by
|
||||
now or any which still have the bug do not support compression.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8a and 0.9.8b [04 May 2006]
|
||||
|
||||
*) When applying a cipher rule check to see if string match is an explicit
|
||||
cipher suite and only match that one cipher suite if it is.
|
||||
|
|
10
ssl/t1_enc.c
10
ssl/t1_enc.c
|
@ -654,7 +654,15 @@ int tls1_enc(SSL *s, int send)
|
|||
{
|
||||
ii=i=rec->data[l-1]; /* padding_length */
|
||||
i++;
|
||||
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
/* NB: if compression is in operation the first packet
|
||||
* may not be of even length so the padding bug check
|
||||
* cannot be performed. This bug workaround has been
|
||||
* around since SSLeay so hopefully it is either fixed
|
||||
* now or no buggy implementation supports compression
|
||||
* [steve]
|
||||
*/
|
||||
if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
&& !s->expand)
|
||||
{
|
||||
/* First packet is even in size, so check */
|
||||
if ((memcmp(s->s3->read_sequence,
|
||||
|
|
Loading…
Reference in a new issue