Loading CHANGES +10 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 0.9.8i and 0.9.9 [xx XXX xxxx] Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] *) Delta CRL support. New use deltas option which will attempt to locate and search any appropriate delta CRLs available. Loading Loading @@ -703,6 +703,15 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8i and 0.9.8j [xx XXX xxxx] *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior to ensure that even with this option, only ciphersuites in the server's preference list will be accepted. (Note that the option applies only when resuming a session, so the earlier behavior was just about the algorithm choice for symmetric cryptography.) [Bodo Moeller] Changes between 0.9.8h and 0.9.8i [15 Sep 2008] *) Fix a state transitition in s3_srvr.c and d1_srvr.c Loading ssl/s3_srvr.c +18 −12 Original line number Diff line number Diff line Loading @@ -947,14 +947,21 @@ int ssl3_get_client_hello(SSL *s) break; } } if (j == 0) if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) /* Special case as client bug workaround: the previously used cipher may * not be in the current list, the client instead might be trying to * continue using a cipher that before wasn't chosen due to server * preferences. We'll have to reject the connection if the cipher is not * enabled, though. */ c = sk_SSL_CIPHER_value(ciphers, 0); if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { /* Very bad for multi-threading.... */ s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); s->session->cipher = c; j = 1; } else } if (j == 0) { /* we need to have the cipher in the cipher * list if we are asked to reuse it */ Loading @@ -963,7 +970,6 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } } } /* compression */ i= *(p++); Loading Loading
CHANGES +10 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 0.9.8i and 0.9.9 [xx XXX xxxx] Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] *) Delta CRL support. New use deltas option which will attempt to locate and search any appropriate delta CRLs available. Loading Loading @@ -703,6 +703,15 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8i and 0.9.8j [xx XXX xxxx] *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior to ensure that even with this option, only ciphersuites in the server's preference list will be accepted. (Note that the option applies only when resuming a session, so the earlier behavior was just about the algorithm choice for symmetric cryptography.) [Bodo Moeller] Changes between 0.9.8h and 0.9.8i [15 Sep 2008] *) Fix a state transitition in s3_srvr.c and d1_srvr.c Loading
ssl/s3_srvr.c +18 −12 Original line number Diff line number Diff line Loading @@ -947,14 +947,21 @@ int ssl3_get_client_hello(SSL *s) break; } } if (j == 0) if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) /* Special case as client bug workaround: the previously used cipher may * not be in the current list, the client instead might be trying to * continue using a cipher that before wasn't chosen due to server * preferences. We'll have to reject the connection if the cipher is not * enabled, though. */ c = sk_SSL_CIPHER_value(ciphers, 0); if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { /* Very bad for multi-threading.... */ s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); s->session->cipher = c; j = 1; } else } if (j == 0) { /* we need to have the cipher in the cipher * list if we are asked to reuse it */ Loading @@ -963,7 +970,6 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } } } /* compression */ i= *(p++); Loading
