CHANGES +6 −0 @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 2000] *) Work around for Netscape hang bug. This sends certificate request and server done in one record. Since this is perfectly legal in the SSL/TLS protocol it isn't a "bug" option and is on by default. See the bugs/SSLv3 entry for more info. [Steve Henson] *) HP-UX tune-up: new unified configs, HP C compiler bug workaround. [Andy Polyakov]
bugs/SSLv3 +8 −0 @@ -39,3 +39,11 @@ SSL_shutdown() and still sharing the socket with its parent). Netscape, when using export ciphers, will accept a 1024 bit temporary RSA key. It is supposed to only accept 512. If Netscape connects to a server which requests a client certificate it will frequently hang after the user has selected one and never complete the connection. Hitting "Stop" and reload fixes this and all subsequent connections work fine. This appears to be because Netscape wont read any new records in when it is awaiting a server done message at this point. The fix is to send the certificate request and server done messages in one record.
ssl/s3_srvr.c +18 −0 @@ -57,6 +57,8 @@ */ #define REUSE_CIPHER_BUG #define NETSCAPE_HANG_BUG #include <stdio.h> #include <openssl/buffer.h> @@ -313,7 +315,12 @@ int ssl3_accept(SSL *s) s->s3->tmp.cert_request=1; ret=ssl3_send_certificate_request(s); if (ret <= 0) goto end; #ifndef NETSCAPE_HANG_BUG s->state=SSL3_ST_SW_SRVR_DONE_A; #else s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; #endif s->init_num=0; } break; @@ -1194,6 +1201,17 @@ static int ssl3_send_certificate_request(SSL *s) s->init_num=n+4; s->init_off=0; #ifdef NETSCAPE_HANG_BUG p=(unsigned char *)s->init_buf->data + s->init_num; /* do the header */ *(p++)=SSL3_MT_SERVER_DONE; *(p++)=0; *(p++)=0; *(p++)=0; s->init_num += 4; #endif } /* SSL3_ST_SW_CERT_REQ_B */
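Review bot: The server-done header appended in the `@@ -1194` hunk of ssl3_send_certificate_request is written at `s->init_buf->data + s->init_num` with no visible check that the buffer has four spare bytes. The sizing done earlier in the function is outside the hunk, and it presumably accounted only for the certificate request itself, so a request that fills the buffer exactly would be followed by a four-byte heap overrun. Growing the buffer before `p` is recomputed would close this, for example `if (!BUF_MEM_grow(s->init_buf, s->init_num + 4))` followed by the function's existing error exit; the order matters because a grow may move `data`. In the `@@ -313` hunk of ssl3_accept, a short comment on the `#else` branch such as `/* server done was already queued with the certificate request */` would explain why `SSL3_ST_SW_SRVR_DONE_A` is skipped.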