Really fix SSLv2 session ID handling

PR: 377
Lutz Jänicke 2003-01-15 09:51:22 +00:00
parent 0e4aa0d2d2
commit 8ec16ce711
2 changed files with 10 additions and 1 deletions


@ -375,6 +375,15 @@ TODO: bug: pad x with leading zeros if necessary
Changes between 0.9.7 and 0.9.7a [XX xxx 2003] Changes between 0.9.7 and 0.9.7a [XX xxx 2003]
*) Another fix for SSLv2 session ID handling: the session ID was incorrectly
checked on reconnect on the client side, therefore session resumption
could still fail with a "ssl session id is different" error. This
behaviour is masked when SSL_OP_ALL is used due to
SSL_OP_MICROSOFT_SESS_ID_BUG being set.
Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
followup to PR #377.
[Lutz Jaenicke]
*) IA-32 assembler support enhancements: unified ELF targets, support *) IA-32 assembler support enhancements: unified ELF targets, support
for SCO/Caldera platforms, fix for Cygwin shared build. for SCO/Caldera platforms, fix for Cygwin shared build.
[Andy Polyakov] [Andy Polyakov]
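Review bot: The new entry under "Changes between 0.9.7 and 0.9.7a" describes only the symptom (the "ssl session id is different" error on client-side reconnect) and never says what was wrong with the check or how it was corrected. Consider adding one clause that names the corrected comparison, so that users who do not set SSL_OP_ALL can tell from the entry alone whether they were affected. The note that SSL_OP_MICROSOFT_SESS_ID_BUG masks the behaviour is useful and should stay.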


@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s)
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{ {
if ((s->session->session_id_length > sizeof s->session->session_id) if ((s->session->session_id_length > sizeof s->session->session_id)
|| (0 != memcmp(buf, s->session->session_id, || (0 != memcmp(buf + 1, s->session->session_id,
(unsigned int)s->session->session_id_length))) (unsigned int)s->session->session_id_length)))
{ {
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
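Review bot: In get_server_finished(), the memcmp now reads session_id_length bytes starting at buf + 1, but the only bound in the visible condition is session_id_length against sizeof s->session->session_id; nothing in this hunk shows that at least 1 + session_id_length bytes were actually received into buf. Please confirm that the preceding read guarantees this, or add the received length to the condition so a short message cannot cause a comparison against stale buffer contents. The bare + 1 also needs a short comment stating which leading byte of the message is skipped, since the previous revision compared from buf itself and the reason for the offset is not evident from the code.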