tolerate extra data at end of client hello for SSL 3.0
parent
a7a53184bf
commit
702eb4dc0a
2 changed files with 9 additions and 0 deletions
5
CHANGES
5
CHANGES
|
@ -4,6 +4,11 @@
|
|||
|
||||
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
|
||||
|
||||
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
|
||||
extra data after the compression methods not only for TLS 1.0
|
||||
but also for SSL 3.0 (as required by the specification).
|
||||
[Bodo Moeller; problem pointed out by Matthias Loepfe]
|
||||
|
||||
*) Change X509_certificate_type() to mark the key as exported/exportable
|
||||
when it's 512 *bits* long, not 512 bytes.
|
||||
[Richard Levitte]
|
||||
|
|
|
@ -828,6 +828,9 @@ static int ssl3_get_client_hello(SSL *s)
|
|||
}
|
||||
|
||||
/* TLS does not mind if there is extra stuff */
|
||||
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
|
||||
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
|
||||
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
|
||||
if (s->version == SSL3_VERSION)
|
||||
{
|
||||
if (p < (d+n))
|
||||
|
@ -839,6 +842,7 @@ static int ssl3_get_client_hello(SSL *s)
|
|||
goto f_err;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
|
||||
* pick a cipher */
|
||||
|
|
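Review bot: The SSL 3.0 trailing-data test in ssl3_get_client_hello() is kept in the file under `#if 0`, so the older comment `/* TLS does not mind if there is extra stuff */` now sits above dead code rather than a live branch. Since the new behaviour is that bytes between `p` and `d+n` are ignored for every protocol version, I would delete the disabled block and say so directly, e.g. `/* Neither SSL 3.0 nor TLS 1.0 minds extra data after the compression methods; bytes in [p, d+n) are ignored */`. The release history in the new comment is already recorded in CHANGES by this commit and does not need to live next to the code. The function body starts and ends outside these hunks, so whether `p` is checked against `d+n` earlier in the parse cannot be confirmed from here.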