wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bugfix: larger message size in ssl3_get_key_exchange() because

Browse source 
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
This commit is contained in:
Bodo Möller 2001-08-07 09:31:03 +00:00
parent 65ce21da9a
commit 904de6e4f5
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
CHANGES
View file

@ -4,6 +4,12 @@
Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
*) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
with the same message size as in ssl3_get_certificate_request().
Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
messages might inadvertently be reject as too long.
[Petr Lampa <lampa@fee.vutbr.cz>]
*) Modified SSL library such that the verify_callback that has been set
specificly for an SSL object with SSL_set_verify() is actually being
used. Before the change, a verify_callback set with this function was

8
ssl/s3_clnt.c
View file

@ -849,11 +849,17 @@ static int ssl3_get_key_exchange(SSL *s)
DH *dh=NULL;
#endif
/* use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped */
n=ssl3_get_message(s,
SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B,
-1,
1024*8, /* ?? */
#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
1024*30, /* 30k max cert list :-) */
#else
1024*100, /* 100k max cert list :-) */
#endif
&ok);
if (!ok) return((int)n);