Loading CHANGES +14 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,15 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. [Steve Henson] *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). Loading Loading @@ -1973,6 +1982,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. [Steve Henson] *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). Loading apps/ocsp.c +5 −0 Original line number Diff line number Diff line Loading @@ -136,6 +136,7 @@ int MAIN(int argc, char **argv) int accept_count = -1; int badarg = 0; int i; int ignore_err = 0; STACK *reqnames = NULL; STACK_OF(OCSP_CERTID) *ids = NULL; Loading Loading @@ -195,6 +196,8 @@ int MAIN(int argc, char **argv) } else badarg = 1; } else if (!strcmp(*args, "-ignore_err")) ignore_err = 1; else if (!strcmp(*args, "-noverify")) noverify = 1; else if (!strcmp(*args, "-nonce")) Loading Loading @@ -809,6 +812,8 @@ int MAIN(int argc, char **argv) { BIO_printf(out, "Responder Error: %s (%ld)\n", OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; ret = 0; goto end; } Loading apps/openssl.c +1 −1 Original line number Diff line number Diff line Loading @@ -163,7 +163,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } if (type < 0 || type > CRYPTO_NUM_LOCKS) if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; Loading crypto/asn1/a_mbstr.c +1 −1 Original line number Diff line number Diff line Loading @@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { long *outlen; int *outlen; outlen = arg; *outlen += UTF8_putc(NULL, -1, value); return 1; Loading ssl/s3_srvr.c +5 −4 Original line number Diff line number Diff line Loading @@ -431,10 +431,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { /* could be sent for a DH cert, even if we * have not asked for it :-) */ if (s->s3->tmp.cert_request) { ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } Loading Loading
CHANGES +14 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,15 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. [Steve Henson] *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). Loading Loading @@ -1973,6 +1982,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. [Steve Henson] *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). Loading
apps/ocsp.c +5 −0 Original line number Diff line number Diff line Loading @@ -136,6 +136,7 @@ int MAIN(int argc, char **argv) int accept_count = -1; int badarg = 0; int i; int ignore_err = 0; STACK *reqnames = NULL; STACK_OF(OCSP_CERTID) *ids = NULL; Loading Loading @@ -195,6 +196,8 @@ int MAIN(int argc, char **argv) } else badarg = 1; } else if (!strcmp(*args, "-ignore_err")) ignore_err = 1; else if (!strcmp(*args, "-noverify")) noverify = 1; else if (!strcmp(*args, "-nonce")) Loading Loading @@ -809,6 +812,8 @@ int MAIN(int argc, char **argv) { BIO_printf(out, "Responder Error: %s (%ld)\n", OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; ret = 0; goto end; } Loading
apps/openssl.c +1 −1 Original line number Diff line number Diff line Loading @@ -163,7 +163,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } if (type < 0 || type > CRYPTO_NUM_LOCKS) if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; Loading
crypto/asn1/a_mbstr.c +1 −1 Original line number Diff line number Diff line Loading @@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { long *outlen; int *outlen; outlen = arg; *outlen += UTF8_putc(NULL, -1, value); return 1; Loading
ssl/s3_srvr.c +5 −4 Original line number Diff line number Diff line Loading @@ -431,10 +431,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { /* could be sent for a DH cert, even if we * have not asked for it :-) */ if (s->s3->tmp.cert_request) { ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } Loading
