Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
837f2fc7
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
837f2fc7
编写于
16年前
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
上级
1a489c9a
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
28 addition
and
13 deletion
+28
-13
CHANGES
CHANGES
+10
-1
ssl/s3_srvr.c
ssl/s3_srvr.c
+18
-12
未找到文件。
CHANGES
浏览文件 @
837f2fc7
...
...
@@ -2,7 +2,7 @@
OpenSSL CHANGES
_______________
Changes between 0.9.8
i
and 0.9.9 [xx XXX xxxx]
Changes between 0.9.8
j
and 0.9.9 [xx XXX xxxx]
*) Delta CRL support. New use deltas option which will attempt to locate
and search any appropriate delta CRLs available.
...
...
@@ -703,6 +703,15 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8i and 0.9.8j [xx XXX xxxx]
*) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
to ensure that even with this option, only ciphersuites in the
server's preference list will be accepted. (Note that the option
applies only when resuming a session, so the earlier behavior was
just about the algorithm choice for symmetric cryptography.)
[Bodo Moeller]
Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
*) Fix a state transitition in s3_srvr.c and d1_srvr.c
...
...
This diff is collapsed.
Click to expand it.
ssl/s3_srvr.c
浏览文件 @
837f2fc7
...
...
@@ -947,22 +947,28 @@ int ssl3_get_client_hello(SSL *s)
break
;
}
}
if
(
j
==
0
)
if
(
j
==
0
&&
(
s
->
options
&
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
)
&&
(
sk_SSL_CIPHER_num
(
ciphers
)
==
1
)
)
{
if
((
s
->
options
&
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
)
&&
(
sk_SSL_CIPHER_num
(
ciphers
)
==
1
))
/* Special case as client bug workaround: the previously used cipher may
* not be in the current list, the client instead might be trying to
* continue using a cipher that before wasn't chosen due to server
* preferences. We'll have to reject the connection if the cipher is not
* enabled, though. */
c
=
sk_SSL_CIPHER_value
(
ciphers
,
0
);
if
(
sk_SSL_CIPHER_find
(
SSL_get_ciphers
(
s
),
c
)
>=
0
)
{
/* Very bad for multi-threading.... */
s
->
session
->
cipher
=
sk_SSL_CIPHER_value
(
ciphers
,
0
);
}
else
{
/* we need to have the cipher in the cipher
* list if we are asked to reuse it */
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_CLIENT_HELLO
,
SSL_R_REQUIRED_CIPHER_MISSING
);
goto
f_err
;
s
->
session
->
cipher
=
c
;
j
=
1
;
}
}
if
(
j
==
0
)
{
/* we need to have the cipher in the cipher
* list if we are asked to reuse it */
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_CLIENT_HELLO
,
SSL_R_REQUIRED_CIPHER_MISSING
);
goto
f_err
;
}
}
/* compression */
...
...
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部