Commit 6e20f556 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix d2i_SSL_SESSION for DTLS1_BAD_VER 



Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>

Conflicts:
	ssl/ssl_asn1.c
parent 87cd297d

ssl/dtls1.h

+1 −0
Original line number Diff line number Diff line
@@ -86,6 +86,7 @@ extern "C" { 
# define DTLS1_VERSION                   0xFEFF

# define DTLS1_2_VERSION                 0xFEFD

# define DTLS_MAX_VERSION                DTLS1_2_VERSION

# define DTLS1_VERSION_MAJOR             0xFE



# define DTLS1_BAD_VER                   0x0100

ssl/ssl_asn1.c

+3 −1
Original line number Diff line number Diff line
@@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 
        id = 0x02000000L |

            ((unsigned long)os.data[0] << 16L) |

            ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];

    } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {

    } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR

        || (ssl_version >> 8) == DTLS1_VERSION_MAJOR

        || ssl_version == DTLS1_BAD_VER) {

        if (os.length != 2) {

            c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;

            c.line = __LINE__;