Fix wrong handling of session ID in SSLv2 client code.

PR: 377
2002-12-29 20:58:55 +00:00 · 2002-12-29 20:58:55 +00:00 · ef9d3a10c3
commit ef9d3a10c3
parent 20c9a50710
2 changed files with 10 additions and 1 deletions
--- a/9
+++ b/9
@ -4,6 +4,15 @@

 Changes between 0.9.6h and 0.9.7  [XX xxx 2002]

+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
     removed entirely.
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@ -1014,7 +1014,7 @@ static int get_server_finished(SSL *s)
 		 * or bad things can happen */
 		/* ZZZZZZZZZZZZZ */
 		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-		memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
+		memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
 		}
 	else
 		{