More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME now that ssl23_client_hello takes care of that - fix buffer overrun checks in ssl_add_serverhello_tlsext()
This commit is contained in:
Bodo Möller
@@ -1931,7 +1931,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||||||
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
|
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
|
|
||||||
break;
|
break;
|
||||||
case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
|
case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
|
||||||
s->tlsext_debug_arg=parg;
|
s->tlsext_debug_arg=parg;
|
||||||
|
|||||||
@@ -207,7 +207,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||||||
|
|
||||||
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
|
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
|
||||||
{
|
{
|
||||||
if (limit - p - 4 < 0) return NULL;
|
if (limit - ret - 4 < 0) return NULL;
|
||||||
|
|
||||||
s2n(TLSEXT_TYPE_server_name,ret);
|
s2n(TLSEXT_TYPE_server_name,ret);
|
||||||
s2n(0,ret);
|
s2n(0,ret);
|
||||||
@@ -216,7 +216,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
|||||||
if (s->tlsext_ticket_expected
|
if (s->tlsext_ticket_expected
|
||||||
&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
|
&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
|
||||||
{
|
{
|
||||||
if (limit - p - 4 < 0) return NULL;
|
if (limit - ret - 4 < 0) return NULL;
|
||||||
s2n(TLSEXT_TYPE_session_ticket,ret);
|
s2n(TLSEXT_TYPE_session_ticket,ret);
|
||||||
s2n(0,ret);
|
s2n(0,ret);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user