CHANGES +4 −0 @@ -4,6 +4,10 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). [Bodo Moeller] *) Fix race condition in SSLv3_client_method(). [Bodo Moeller]
ssl/s3_clnt.c +6 −7 @@ -632,11 +632,10 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); if(j > sizeof s->session->session_id) if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; }
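Review bot: The new condition in ssl3_get_server_hello() tests `j` against two limits without saying why both are needed; a comment above the `if` such as `/* j must fit the session_id buffer and must not exceed the protocol maximum */` would record that the first bound presumably guards the later copy into `s->session->session_id` while the second enforces the 32-byte limit named in the CHANGES entry. The visible lines also show no check that `j` bytes are still left in the received message before the session ID is read from `p`; if the function has no such check further down, it belongs next to this test. The function starts and ends outside the hunk, and the remaining changes counted in the section header are not shown, so the later use of `j` and its declared type cannot be confirmed from here.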