CHANGES +11 −1 Original line number Diff line number Diff line Loading @@ -224,7 +224,17 @@ *) Add print and set support for Issuing Distribution Point CRL extension. [Steve Henson] Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] *) Disable the padding bug check when compression is in use. The padding bug check assumes the first packet is of even length, this is not necessarily true if compresssion is enabled and can result in false positives causing handshake failure. The actual bug test is ancient code so it is hoped that implementations will either have fixed it by now or any which still have the bug do not support compression. [Steve Henson] Changes between 0.9.8a and 0.9.8b [04 May 2006] *) When applying a cipher rule check to see if string match is an explicit cipher suite and only match that one cipher suite if it is. Loading
ssl/t1_enc.c +9 −1 Original line number Diff line number Diff line Loading @@ -654,7 +654,15 @@ int tls1_enc(SSL *s, int send) { ii=i=rec->data[l-1]; /* padding_length */ i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) /* NB: if compression is in operation the first packet * may not be of even length so the padding bug check * cannot be performed. This bug workaround has been * around since SSLeay so hopefully it is either fixed * now or no buggy implementation supports compression * [steve] */ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ if ((memcmp(s->s3->read_sequence, Loading
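Review bot: In the new 0.9.8c entry in CHANGES, "compresssion" is misspelled and "is of even length, this is not necessarily true" is a comma splice. The entry also never names the option it affects. Adding "(SSL_OP_TLS_BLOCK_PADDING_BUG)" after "padding bug check" would let someone who sets that option find this behaviour change by searching the file.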
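Review bot: In ssl/t1_enc.c, the added "&& !s->expand" silently turns the SSL_OP_TLS_BLOCK_PADDING_BUG workaround off whenever compression is in operation, and the new comment concedes this rests on "hopefully" no buggy peer supporting compression. An application that sets the option gets no indication that it has stopped applying, so this should be stated wherever the option is documented, not only in a source comment. The retained inner comment "First packet is even in size, so check" still presents the even-length assumption as fact; reword it to say the check is only valid without compression. Minor style point: "if ( (s->options" adds a space after the opening parenthesis that the replaced line did not have.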