From: | "Doug Klima (cardoe)" <cardoe@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-0.9.8g-sslv3-no-tlsext.patch |
Date: | Tue, 25 Mar 2008 00:27:19 |
Message-Id: | E1Jdx0X-0006eC-4s@stork.gentoo.org |
1 | cardoe 08/03/25 00:27:17 |
2 | |
3 | Added: openssl-0.9.8g-sslv3-no-tlsext.patch |
4 | Log: |
5 | Patch from OpenSSL's bug tracker not to send TLS Extensions on SSLv3-only connections. While not explicitly against the SSL spec, several SSL implementations cannot handle it. Patch by Kaspar Brand <ossl-rt@×××××.ch> from http://rt.openssl.org/Ticket/Display.html?id=1629. Resolves bug #198914 |
6 | (Portage version: 2.1.4.4) |
7 | |
8 | Revision Changes Path |
9 | 1.1 dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch |
10 | |
11 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch?rev=1.1&view=markup |
12 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch?rev=1.1&content-type=text/plain |
13 | |
14 | Index: openssl-0.9.8g-sslv3-no-tlsext.patch |
15 | =================================================================== |
16 | ndex: ssl/t1_lib.c |
17 | =================================================================== |
18 | RCS file: /home/ossl-cvs/openssl/ssl/t1_lib.c,v |
19 | retrieving revision 1.51 |
20 | diff -p -u -r1.51 t1_lib.c |
21 | --- ssl/t1_lib.c 26 Oct 2007 12:06:35 -0000 1.51 |
22 | +++ ssl/t1_lib.c 26 Feb 2008 18:02:50 -0000 |
23 | @@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex |
24 | int extdatalen=0; |
25 | unsigned char *ret = p; |
26 | |
27 | + /* don't add extensions for SSLv3 */ |
28 | + if (s->client_version == SSL3_VERSION) |
29 | + return p; |
30 | + |
31 | ret+=2; |
32 | |
33 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ |
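Review bot: The added check at the top of ssl_add_clienthello_tlsex tests s->client_version, while the matching check in the ServerHello hunk tests s->version, and nothing in the comment says why the two differ. A sentence naming the field and the reason would stop a later reader from "aligning" one with the other. The comment "don't add extensions for SSLv3" also gives no rationale; the reason from the commit log (several SSL implementations cannot handle extensions here) and the RT ticket id 1629 belong next to the code. Returning p before "ret+=2" is the right placement, since it leaves no extensions length field reserved in the hello.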
34 | @@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex |
35 | int extdatalen=0; |
36 | unsigned char *ret = p; |
37 | |
38 | + /* don't add extensions for SSLv3 */ |
39 | + if (s->version == SSL3_VERSION) |
40 | + return p; |
41 | + |
42 | ret+=2; |
43 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ |
44 | |
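Review bot: The check "if (s->version == SSL3_VERSION) return p;" at the top of ssl_add_serverhello_tlsex suppresses every ServerHello extension unconditionally, whether or not the peer's hello carried any, so anything the server would otherwise have acknowledged is silently omitted on SSLv3. The comment should state that this is intended and why. The four added lines also duplicate the ClientHello hunk apart from the field tested; a small shared helper, or at least matching comments that name the field each side uses, would keep the two checks from drifting apart.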
45 | |
46 | |
47 | -- |
48 | gentoo-commits@l.g.o mailing list |