Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: ssl/ssl_asn1.c
This commit is contained in:
parent
87cd297d14
commit
6e20f55646
2 changed files with 4 additions and 1 deletions
|
@ -86,6 +86,7 @@ extern "C" {
|
|||
# define DTLS1_VERSION 0xFEFF
|
||||
# define DTLS1_2_VERSION 0xFEFD
|
||||
# define DTLS_MAX_VERSION DTLS1_2_VERSION
|
||||
# define DTLS1_VERSION_MAJOR 0xFE
|
||||
|
||||
# define DTLS1_BAD_VER 0x0100
|
||||
|
||||
|
|
|
@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
|
|||
id = 0x02000000L |
|
||||
((unsigned long)os.data[0] << 16L) |
|
||||
((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
|
||||
} else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
|
||||
} else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
|
||||
|| (ssl_version >> 8) == DTLS1_VERSION_MAJOR
|
||||
|| ssl_version == DTLS1_BAD_VER) {
|
||||
if (os.length != 2) {
|
||||
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
|
||||
c.line = __LINE__;
|
||||
|
|
Loading…
Reference in a new issue