generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix wrong handling of session ID in SSLv2 client code.

Browse Source 
PR: 377
This commit is contained in:
Lutz Jänicke 2002-12-29 20:59:35 +00:00
parent 8598289936
commit 21cde7a41c
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -352,6 +352,15 @@ TODO: bug: pad x with leading zeros if necessary
Changes between 0.9.6h and 0.9.7 [XX xxx 2002]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
code (06) was taken as the first octet of the session ID and the last
octet was ignored consequently. As a result SSLv2 client side session
caching could not have worked due to the session ID mismatch between
client and server.
Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
PR #377.
[Lutz Jaenicke]
*) Change the declaration of needed Kerberos libraries to use EX_LIBS
instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
removed entirely.

2
ssl/s2_clnt.c
View File

@ -1014,7 +1014,7 @@ static int get_server_finished(SSL *s)
* or bad things can happen */
/* ZZZZZZZZZZZZZ */
s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
}
else
{