Don't check for padding bug if compression is negotiated.
PR: 1204
This commit is contained in:
Dr. Stephen Henson
parent
1b6b67b17e
commit
b723a7b11b
2 changed files with 16 additions and 2 deletions
8
CHANGES
8
CHANGES
|
|
@ -4,7 +4,13 @@
|
|||
|
||||
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
|
||||
|
||||
*)
|
||||
*) Disable the padding bug check when compression is in use. The padding
|
||||
bug check assumes the first packet is of even length, this is not
|
||||
necessarily true if compresssion is enabled and can result in false
|
||||
positives causing handshake failure. The actual bug test is ancient
|
||||
code so it is hoped that implementations will either have fixed it by
|
||||
now or any which still have the bug do not support compression.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8a and 0.9.8b [04 May 2006]
|
||||
|
||||
|
|
|
|||
10
ssl/t1_enc.c
10
ssl/t1_enc.c
|
|
@ -628,7 +628,15 @@ int tls1_enc(SSL *s, int send)
|
|||
{
|
||||
ii=i=rec->data[l-1]; /* padding_length */
|
||||
i++;
|
||||
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
/* NB: if compression is in operation the first packet
|
||||
* may not be of even length so the padding bug check
|
||||
* cannot be performed. This bug workaround has been
|
||||
* around since SSLeay so hopefully it is either fixed
|
||||
* now or no buggy implementation supports compression
|
||||
* [steve]
|
||||
*/
|
||||
if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
&& !s->expand)
|
||||
{
|
||||
/* First packet is even in size, so check */
|
||||
if ((memcmp(s->s3->read_sequence,
|
||||
|
|
|
|||
Loading…
Reference in a new issue