Commit ef9d3a10 authored by Lutz Jänicke

Fix wrong handling of session ID in SSLv2 client code.

PR: 377
parent 20c9a507
+9 −0
@@ -4,6 +4,15 @@

 Changes between 0.9.6h and 0.9.7  [XX xxx 2002]

  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
     code (06) was taken as the first octet of the session ID and the last
     octet was ignored consequently. As a result SSLv2 client side session
     caching could not have worked due to the session ID mismatch between
     client and server.
     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
     PR #377.
     [Lutz Jaenicke]

  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
     removed entirely.
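
Review bot: The new CHANGES entry does not say where the fix lives. Naming get_server_finished() in the entry would help anyone auditing backports of this change. The phrase "the last octet was ignored consequently" would also read more clearly as "and consequently the last octet was dropped". Since the entry says SSLv2 client-side session caching could not have worked, it is worth stating explicitly that the effect was a failed session resumption (a full handshake every time) so readers do not have to infer the impact.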
+1 −1
@@ -1014,7 +1014,7 @@ static int get_server_finished(SSL *s)
		 * or bad things can happen */
		/* ZZZZZZZZZZZZZ */
		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
		memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
		memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
		}
	else
		{
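
Review bot: The `p+1` source offset in the session ID memcpy in get_server_finished() is a bare magic number, and the visible context shows no check that the received message holds at least 1 + SSL2_SSL_SESSION_ID_LENGTH octets before that many bytes are read from `p+1`. Please confirm that the read preceding this block guarantees that length, since the copy now reaches one octet further into the buffer than before. A short comment stating that p[0] is the SERVER FINISHED message type (06) and that the session ID starts at the next octet would explain the offset. The placeholder comment `/* ZZZZZZZZZZZZZ */` directly above could be replaced with that explanation. A regression test asserting that the client's stored session ID equals the one the server issued would keep this from recurring.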