Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 ddc38679 编写于 作者: B Bodo Möller
浏览文件
操作

tolerate extra data at end of client hello for SSL 3.0 

PR: 659
上级 02e05594
隐藏空白更改
内联 并排
Showing with 21 addition and 0 deletion
CHANGES
浏览文件 @ ddc38679
...@@ -537,6 +537,15 @@ ...@@ -537,6 +537,15 @@
Changes between 0.9.7b and 0.9.7c [xx XXX 2003] Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
*) Change AES_cbc_encrypt() so it outputs exact multiple of *) Change AES_cbc_encrypt() so it outputs exact multiple of
blocks during encryption. blocks during encryption.
[Richard Levitte] [Richard Levitte]
...@@ -671,6 +680,9 @@ yet to be integrated into this CVS branch: ...@@ -671,6 +680,9 @@ yet to be integrated into this CVS branch:
Changes between 0.9.6h and 0.9.7 [31 Dec 2002] Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
[NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
OpenSSL 0.9.7.]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
code (06) was taken as the first octet of the session ID and the last code (06) was taken as the first octet of the session ID and the last
octet was ignored consequently. As a result SSLv2 client side session octet was ignored consequently. As a result SSLv2 client side session
...@@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ...@@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Changes between 0.9.6j and 0.9.6k [xx XXX 2003] Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable *) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes. when it's 512 *bits* long, not 512 bytes.
[Richard Levitte] [Richard Levitte]
......
ssl/s3_srvr.c
浏览文件 @ ddc38679
...@@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s) ...@@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s)
} }
/* TLS does not mind if there is extra stuff */ /* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
if (s->version == SSL3_VERSION) if (s->version == SSL3_VERSION)
{ {
if (p < (d+n)) if (p < (d+n))
...@@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s) ...@@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s)
goto f_err; goto f_err;
} }
} }
#endif
/* Given s->session->ciphers and SSL_get_ciphers, we must /* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher */ * pick a cipher */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册