Commit 702eb4dc authored by Bodo Möller's avatar Bodo Möller
Browse files

tolerate extra data at end of client hello for SSL 3.0

parent a7a53184

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -4,6 +4,11 @@ 


 Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]



  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional

     extra data after the compression methods not only for TLS 1.0

     but also for SSL 3.0 (as required by the specification).

     [Bodo Moeller; problem pointed out by Matthias Loepfe]



  *) Change X509_certificate_type() to mark the key as exported/exportable

     when it's 512 *bits* long, not 512 bytes.

     [Richard Levitte]

ssl/s3_srvr.c

+4 −0
Original line number Diff line number Diff line
@@ -828,6 +828,9 @@ static int ssl3_get_client_hello(SSL *s) 
		}



	/* TLS does not mind if there is extra stuff */

#if 0   /* SSL 3.0 does not mind either, so we should disable this test

         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,

         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */

	if (s->version == SSL3_VERSION)

		{

		if (p < (d+n))
@@ -839,6 +842,7 @@ static int ssl3_get_client_hello(SSL *s) 
			goto f_err;

			}

		}

#endif



	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must

	 * pick a cipher */