Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
ddc38679
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
ddc38679
编写于
7月 21, 2003
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
tolerate extra data at end of client hello for SSL 3.0
PR: 659
上级
02e05594
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
21 addition
and
0 deletion
+21
-0
CHANGES
CHANGES
+17
-0
ssl/s3_srvr.c
ssl/s3_srvr.c
+4
-0
未找到文件。
CHANGES
浏览文件 @
ddc38679
...
@@ -537,6 +537,15 @@
...
@@ -537,6 +537,15 @@
Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
*) Change AES_cbc_encrypt() so it outputs exact multiple of
*) Change AES_cbc_encrypt() so it outputs exact multiple of
blocks during encryption.
blocks during encryption.
[Richard Levitte]
[Richard Levitte]
...
@@ -671,6 +680,9 @@ yet to be integrated into this CVS branch:
...
@@ -671,6 +680,9 @@ yet to be integrated into this CVS branch:
Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
[NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
OpenSSL 0.9.7.]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
code (06) was taken as the first octet of the session ID and the last
code (06) was taken as the first octet of the session ID and the last
octet was ignored consequently. As a result SSLv2 client side session
octet was ignored consequently. As a result SSLv2 client side session
...
@@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
...
@@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
[Richard Levitte]
...
...
ssl/s3_srvr.c
浏览文件 @
ddc38679
...
@@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s)
...
@@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s)
}
}
/* TLS does not mind if there is extra stuff */
/* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
if (s->version == SSL3_VERSION)
if (s->version == SSL3_VERSION)
{
{
if (p < (d+n))
if (p < (d+n))
...
@@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s)
...
@@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s)
goto f_err;
goto f_err;
}
}
}
}
#endif
/* Given s->session->ciphers and SSL_get_ciphers, we must
/* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher */
* pick a cipher */
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录