Really fix SSLv2 session ID handling
PR: 377
parent
0e4aa0d2d2
commit
8ec16ce711
9
CHANGES
9
CHANGES
@ -375,6 +375,15 @@ TODO: bug: pad x with leading zeros if necessary
|
|||||||
|
|
||||||
Changes between 0.9.7 and 0.9.7a [XX xxx 2003]
|
Changes between 0.9.7 and 0.9.7a [XX xxx 2003]
|
||||||
|
|
||||||
|
*) Another fix for SSLv2 session ID handling: the session ID was incorrectly
|
||||||
|
checked on reconnect on the client side, therefore session resumption
|
||||||
|
could still fail with a "ssl session id is different" error. This
|
||||||
|
behaviour is masked when SSL_OP_ALL is used due to
|
||||||
|
SSL_OP_MICROSOFT_SESS_ID_BUG being set.
|
||||||
|
Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
|
||||||
|
followup to PR #377.
|
||||||
|
[Lutz Jaenicke]
|
||||||
|
|
||||||
*) IA-32 assembler support enhancements: unified ELF targets, support
|
*) IA-32 assembler support enhancements: unified ELF targets, support
|
||||||
for SCO/Caldera platforms, fix for Cygwin shared build.
|
for SCO/Caldera platforms, fix for Cygwin shared build.
|
||||||
[Andy Polyakov]
|
[Andy Polyakov]
|
||||||
|
@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s)
|
|||||||
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
|
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
|
||||||
{
|
{
|
||||||
if ((s->session->session_id_length > sizeof s->session->session_id)
|
if ((s->session->session_id_length > sizeof s->session->session_id)
|
||||||
|| (0 != memcmp(buf, s->session->session_id,
|
|| (0 != memcmp(buf + 1, s->session->session_id,
|
||||||
(unsigned int)s->session->session_id_length)))
|
(unsigned int)s->session->session_id_length)))
|
||||||
{
|
{
|
||||||
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
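Review bot: The `memcmp` in `get_server_finished` now reads `session_id_length` bytes starting at `buf + 1`, but the only bound in this hunk compares that length with `sizeof s->session->session_id`, not with the number of bytes actually received into `buf`. If the cached session carries a shorter ID than the one the server sends, only a prefix is compared and a differing tail would pass. Assuming the read earlier in the function always fetches a fixed `1 + SSL2_SSL_SESSION_ID_LENGTH` bytes, the first test could require an exact length, `if ((s->session->session_id_length != SSL2_SSL_SESSION_ID_LENGTH)`, instead of the `>` comparison. A comment such as `/* buf[0] is the message type; the session ID starts at buf + 1 */` would also record why the offset is needed. The function starts and ends outside the hunk, so the read length and any callers that rely on shorter IDs should be confirmed there.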