PR: 1629
Submitted by: Kaspar Brand <ossl-rt@velox.ch> Approved by: steve@openssl.org Don't use extensions if using SSLv3: this chokes some broken servers.
This commit is contained in:
Dr. Stephen Henson
parent
376bbb5887
commit
18f8258a87
@ -275,6 +275,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||||||
int extdatalen=0;
|
int extdatalen=0;
|
||||||
unsigned char *ret = p;
|
unsigned char *ret = p;
|
||||||
|
|
||||||
|
/* don't add extensions for SSLv3 */
|
||||||
|
if (s->client_version == SSL3_VERSION)
|
||||||
|
return p;
|
||||||
|
|
||||||
ret+=2;
|
ret+=2;
|
||||||
|
|
||||||
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
||||||
@ -472,6 +476,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||||||
int extdatalen=0;
|
int extdatalen=0;
|
||||||
unsigned char *ret = p;
|
unsigned char *ret = p;
|
||||||
|
|
||||||
|
/* don't add extensions for SSLv3 */
|
||||||
|
if (s->version == SSL3_VERSION)
|
||||||
|
return p;
|
||||||
|
|
||||||
ret+=2;
|
ret+=2;
|
||||||
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user