Don't check for padding bug if compression is negotiated.
PR: 1204
This commit is contained in:
Dr. Stephen Henson
parent
1b6b67b17e
commit
b723a7b11b
2 changed files with 16 additions and 2 deletions
8
CHANGES
8
CHANGES
|
|
@ -4,7 +4,13 @@
|
||||||
|
|
||||||
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
|
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
|
||||||
|
|
||||||
*)
|
*) Disable the padding bug check when compression is in use. The padding
|
||||||
|
bug check assumes the first packet is of even length, this is not
|
||||||
|
necessarily true if compresssion is enabled and can result in false
|
||||||
|
positives causing handshake failure. The actual bug test is ancient
|
||||||
|
code so it is hoped that implementations will either have fixed it by
|
||||||
|
now or any which still have the bug do not support compression.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
Changes between 0.9.8a and 0.9.8b [04 May 2006]
|
Changes between 0.9.8a and 0.9.8b [04 May 2006]
|
||||||
|
|
||||||
|
|
|
||||||
10
ssl/t1_enc.c
10
ssl/t1_enc.c
|
|
@ -628,7 +628,15 @@ int tls1_enc(SSL *s, int send)
|
||||||
{
|
{
|
||||||
ii=i=rec->data[l-1]; /* padding_length */
|
ii=i=rec->data[l-1]; /* padding_length */
|
||||||
i++;
|
i++;
|
||||||
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
/* NB: if compression is in operation the first packet
|
||||||
|
* may not be of even length so the padding bug check
|
||||||
|
* cannot be performed. This bug workaround has been
|
||||||
|
* around since SSLeay so hopefully it is either fixed
|
||||||
|
* now or no buggy implementation supports compression
|
||||||
|
* [steve]
|
||||||
|
*/
|
||||||
|
if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||||
|
&& !s->expand)
|
||||||
{
|
{
|
||||||
/* First packet is even in size, so check */
|
/* First packet is even in size, so check */
|
||||||
if ((memcmp(s->s3->read_sequence,
|
if ((memcmp(s->s3->read_sequence,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue