Fix for Netscape "hang" bug.
parent
ea96c4bc7f
commit
de469ef21e
6
CHANGES
6
CHANGES
@ -4,6 +4,12 @@
|
||||
|
||||
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
|
||||
|
||||
*) Work around for Netscape hang bug. This sends certificate request
|
||||
and server done in one record. Since this is perfectly legal in the
|
||||
SSL/TLS protocol it isn't a "bug" option and is on by default. See
|
||||
the bugs/SSLv3 entry for more info.
|
||||
[Steve Henson]
|
||||
|
||||
*) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
|
||||
[Andy Polyakov]
|
||||
|
||||
|
@ -39,3 +39,11 @@ SSL_shutdown() and still sharing the socket with its parent).
|
||||
|
||||
Netscape, when using export ciphers, will accept a 1024 bit temporary
|
||||
RSA key. It is supposed to only accept 512.
|
||||
|
||||
If Netscape connects to a server which requests a client certificate
|
||||
it will frequently hang after the user has selected one and never
|
||||
complete the connection. Hitting "Stop" and reload fixes this and
|
||||
all subsequent connections work fine. This appears to be because
|
||||
Netscape wont read any new records in when it is awaiting a server
|
||||
done message at this point. The fix is to send the certificate request
|
||||
and server done messages in one record.
|
||||
|
@ -57,6 +57,8 @@
|
||||
*/
|
||||
|
||||
#define REUSE_CIPHER_BUG
|
||||
#define NETSCAPE_HANG_BUG
|
||||
|
||||
|
||||
#include <stdio.h>
|
||||
#include <openssl/buffer.h>
|
||||
@ -313,7 +315,12 @@ int ssl3_accept(SSL *s)
|
||||
s->s3->tmp.cert_request=1;
|
||||
ret=ssl3_send_certificate_request(s);
|
||||
if (ret <= 0) goto end;
|
||||
#ifndef NETSCAPE_HANG_BUG
|
||||
s->state=SSL3_ST_SW_SRVR_DONE_A;
|
||||
#else
|
||||
s->state=SSL3_ST_SW_FLUSH;
|
||||
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
|
||||
#endif
|
||||
s->init_num=0;
|
||||
}
|
||||
break;
|
||||
@ -1194,6 +1201,17 @@ static int ssl3_send_certificate_request(SSL *s)
|
||||
|
||||
s->init_num=n+4;
|
||||
s->init_off=0;
|
||||
#ifdef NETSCAPE_HANG_BUG
|
||||
p=(unsigned char *)s->init_buf->data + s->init_num;
|
||||
|
||||
/* do the header */
|
||||
*(p++)=SSL3_MT_SERVER_DONE;
|
||||
*(p++)=0;
|
||||
*(p++)=0;
|
||||
*(p++)=0;
|
||||
s->init_num += 4;
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
/* SSL3_ST_SW_CERT_REQ_B */
|
||||
|
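Review bot: The NETSCAPE_HANG_BUG block in ssl3_send_certificate_request writes four bytes at `s->init_buf->data + s->init_num` without first making sure the buffer has room for them. The sizing of init_buf happens earlier in the function, outside this hunk, so presumably it was grown only for the certificate request itself; if so, the appended server done header can land past the allocation when the request fills the buffer exactly. I would grow the buffer before taking the pointer, e.g. `if (!BUF_MEM_grow(s->init_buf, s->init_num + 4)) goto err;` (using whatever error exit the function already has), and keep the `p=` assignment after it because a grow may move the data. A short comment that the four bytes are an empty server done handshake header (message type plus a 24-bit zero length) would also help the next reader.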