Commit 4ab0088b authored Sep 21, 2007 by Bodo Möller

More changes from HEAD:

- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()

parent 3bd1690b

ssl/s3_lib.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -1931,7 +1931,6 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
		return 0;
		}
		s->options \|= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
		break;
		case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg=parg;

ssl/t1_lib.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -207,7 +207,7 @@ unsigned char ssl_add_serverhello_tlsext(SSL s, unsigned char *p, unsigned cha

		if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
		{
		if (limit - p - 4 < 0) return NULL;
		if (limit - ret - 4 < 0) return NULL;

		s2n(TLSEXT_TYPE_server_name,ret);
		s2n(0,ret);
		@@ -216,7 +216,7 @@ unsigned char ssl_add_serverhello_tlsext(SSL s, unsigned char *p, unsigned cha
		if (s->tlsext_ticket_expected
		&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
		{
		if (limit - p - 4 < 0) return NULL;
		if (limit - ret - 4 < 0) return NULL;
		s2n(TLSEXT_TYPE_session_ticket,ret);
		s2n(0,ret);
		}