From 21cde7a41c3a365629b0c9d24bb7d86ea5a5a405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 29 Dec 2002 20:59:35 +0000 Subject: [PATCH] Fix wrong handling of session ID in SSLv2 client code. PR: 377 --- CHANGES | 9 +++++++++ ssl/s2_clnt.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 0922acb08..38e81e8a2 100644 --- a/CHANGES +++ b/CHANGES @@ -352,6 +352,15 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.6h and 0.9.7 [XX xxx 2002] + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED + code (06) was taken as the first octet of the session ID and the last + octet was ignored consequently. As a result SSLv2 client side session + caching could not have worked due to the session ID mismatch between + client and server. + Behaviour observed by Crispin Flowerday as + PR #377. + [Lutz Jaenicke] + *) Change the declaration of needed Kerberos libraries to use EX_LIBS instead of the special (and badly supported) LIBKRB5. LIBKRB5 is removed entirely. diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 0bc04d284..c6319bb63 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -1014,7 +1014,7 @@ static int get_server_finished(SSL *s) * or bad things can happen */ /* ZZZZZZZZZZZZZ */ s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH); + memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH); } else {