OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________

Server: cvs.openssl.org                  Name:   Bodo Moeller
Root:   /v/openssl/cvs                   Email:  bodo openssl.org
Module: openssl                          Date:   29-Nov-2006 15:45:51
Branch: HEAD                             Handle: 2006112914454901

Modified files:
  openssl                 CHANGES
  openssl/ssl             d1_pkt.c s23_clnt.c s23_srvr.c s3_pkt.c s3_srvr.c

Log:
  fix support for receiving fragmented handshake messages

Summary:
  Revision    Changes     Path
  1.1361      +25 -5      openssl/CHANGES
  1.16        +1  -5      openssl/ssl/d1_pkt.c
  1.38        +0  -1      openssl/ssl/s23_clnt.c
  1.53        +0  -1      openssl/ssl/s23_srvr.c
  1.61        +1  -5      openssl/ssl/s3_pkt.c
  1.148       +2  -1      openssl/ssl/s3_srvr.c
____________________________________________________________________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1360 -r1.1361 CHANGES
--- openssl/CHANGES 27 Nov 2006 14:17:56 -0000 1.1360
+++ openssl/CHANGES 29 Nov 2006 14:45:49 -0000 1.1361
 -4,11 +4,6 
Changes between 0.9.8e and 0.9.9 [xx XXX xxxx]
- *) Load error codes if they are not already present
instead of using a
- static variable. This allows them to be cleanly
unloaded and reloaded.
- Improve header file function name parsing.
- [Steve Henson]
-
*) Initial incomplete changes to avoid need for
function casts in OpenSSL
when OPENSSL_NO_FCAST is set: some compilers (gcc
4.2 and later) reject
their use. Safestack is reimplemented using inline
functions: tests show
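Review bot: The removal of the "Load error codes" entry from the 0.9.9 section here (it reappears under 0.9.8e and 0.9.7m further down) is not covered by the log message, which only mentions fragmented handshake messages. Mention the changelog reshuffle in the log or commit it separately so the history of that entry can be followed.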
 -423,9 +418,21 
Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
+ *) Have SSL/TLS server implementation tolerate
"mismatched" record
+ protocol version while receiving ClientHello even if
the
+ ClientHello is fragmented. (The server can't insist
on the
+ particular protocol version it has chosen before the
ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
*) Add RFC 3779 support.
[Rob Austein for ARIN, Ben Laurie]
+ *) Load error codes if they are not already present
instead of using a
+ static variable. This allows them to be cleanly
unloaded and reloaded.
+ Improve header file function name parsing.
+ [Steve Henson]
+
Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
*) Introduce limits to prevent malicious keys being
able to
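Review bot: The new 0.9.8e entry says what is tolerated but not where the tolerance ends; it should state that the record version check is relaxed only until the complete ClientHello has been received, which is what the s3_srvr.c change in this commit does by clearing first_packet afterwards. A wording point in the last sentence: "his choice" refers to the server and reads better as "its choice".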
 -1430,6 +1437,19 
differing sizes.
[Richard Levitte]
+ Changes between 0.9.7l and 0.9.7m [xx XXX xxxx]
+
+ *) Have SSL/TLS server implementation tolerate
"mismatched" record
+ protocol version while receiving ClientHello even if
the
+ ClientHello is fragmented. (The server can't insist
on the
+ particular protocol version it has chosen before the
ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
+ *) Load error codes if they are not already present
instead of using a
+ static variable. This allows them to be cleanly
unloaded and reloaded.
+ [Steve Henson]
+
Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
*) Introduce limits to prevent malicious keys being
able to
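Review bot: The 0.9.7m copy of the "Load error codes" entry drops the sentence "Improve header file function name parsing." that the 0.9.8e copy in the previous hunk keeps. If that part was not applied to the 0.9.7 branch this is right; otherwise restore the line so the two entries match.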
 .
patch -p0 <<' .'
Index: openssl/ssl/d1_pkt.c
============================================================
================
$ cvs diff -u -r1.15 -r1.16 d1_pkt.c
--- openssl/ssl/d1_pkt.c 23 Sep 2006 17:29:49 -0000 1.15
+++ openssl/ssl/d1_pkt.c 29 Nov 2006 14:45:50 -0000 1.16
 -573,11 +573,7 
n2s(p,rr->length);
/* Lets check version */
- if (s->first_packet)
- {
- s->first_packet=0;
- }
- else
+ if (!s->first_packet)
{
if (version != s->version)
{
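Review bot: With the clearing branch gone, "if (!s->first_packet)" skips the version comparison for every record that arrives while the flag is set, not just the first one, and nothing in this file resets the flag any more. The only place in this commit that sets and clears it is the ClientHello code in s3_srvr.c, so please confirm that the DTLS server handshake goes through that code, and extend the "Lets check version" comment to say that the handshake code now owns first_packet.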
 .
patch -p0 <<' .'
Index: openssl/ssl/s23_clnt.c
============================================================
================
$ cvs diff -u -r1.37 -r1.38 s23_clnt.c
--- openssl/ssl/s23_clnt.c 11 Jan 2006 07:18:34 -0000 1.37
+++ openssl/ssl/s23_clnt.c 29 Nov 2006 14:45:50 -0000 1.38
 -638,7 +638,6 
if (!ssl_get_new_session(s,0))
goto err;
- s->first_packet=1;
return(SSL_connect(s));
err:
return(-1);
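Review bot: After this removal no client-side code in the commit sets first_packet, so the record layer now compares the version of the very first record read under SSL_connect(s) against s->version. Confirm that s->version already holds the intended version at this point, and that first_packet is initialised to 0 for a new or reused SSL object, since the record layer no longer clears a stale 1.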
 .
patch -p0 <<' .'
Index: openssl/ssl/s23_srvr.c
============================================================
================
$ cvs diff -u -r1.52 -r1.53 s23_srvr.c
--- openssl/ssl/s23_srvr.c 3 Jan 2006 03:27:18 -0000 1.52
+++ openssl/ssl/s23_srvr.c 29 Nov 2006 14:45:50 -0000 1.53
 -576,7 +576,6 
s->init_num=0;
if (buf != buf_space) OPENSSL_free(buf);
- s->first_packet=1;
return(SSL_accept(s));
err:
if (buf != buf_space) OPENSSL_free(buf);
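Review bot: Dropping the assignment before SSL_accept(s) is only safe together with the s3_srvr.c hunk that sets first_packet on every entry to the ClientHello read, so the two must travel together in any backport, such as the 0.9.7m one the CHANGES hunk announces. A one-line comment before "return(SSL_accept(s));" pointing at where the flag is now set would help the next reader.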
 .
patch -p0 <<' .'
Index: openssl/ssl/s3_pkt.c
============================================================
================
$ cvs diff -u -r1.60 -r1.61 s3_pkt.c
--- openssl/ssl/s3_pkt.c 20 Oct 2006 11:26:00 -0000 1.60
+++ openssl/ssl/s3_pkt.c 29 Nov 2006 14:45:50 -0000 1.61
 -307,11 +307,7 
#endif
/* Lets check version */
- if (s->first_packet)
- {
- s->first_packet=0;
- }
- else
+ if (!s->first_packet)
{
if (version != s->version)
{
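Review bot: Missing documentation on the changed condition: "if (!s->first_packet)" now accepts a mismatched record version on every record read while the flag is set, where the removed branch limited that to a single record. Replace "Lets check version" with a comment that says so and names the caller responsible for clearing the flag, so that a later edit does not leave the check disabled for the rest of the connection.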
 .
patch -p0 <<' .'
Index: openssl/ssl/s3_srvr.c
============================================================
================
$ cvs diff -u -r1.147 -r1.148 s3_srvr.c
--- openssl/ssl/s3_srvr.c 28 Sep 2006 13:18:43 -0000 1.147
+++ openssl/ssl/s3_srvr.c 29 Nov 2006 14:45:50 -0000 1.148
 -715,9 +715,9 
*/
if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
{
- s->first_packet=1;
s->state=SSL3_ST_SR_CLNT_HELLO_B;
}
+ s->first_packet=1;
n=s->method->ssl_get_message(s,
SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C,
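Review bot: The assignment moved out of the SSL3_ST_SR_CLNT_HELLO_A block now runs on every entry to this code, not only in that state, and nothing here says why. Add a comment above "s->first_packet=1;" explaining that the ClientHello may span several records and that each of them has to bypass the record version check.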
 -726,6 +726,7 
&ok);
if (!ok) return((int)n);
+ s->first_packet=0;
d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record
header
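Review bot: first_packet is cleared only on the success path; the "if (!ok) return((int)n);" just above returns with the flag still set to 1. For a retry that is harmless because the previous hunk sets the flag again on re-entry, but if the failure is final the SSL object keeps the record version check disabled, so either clear the flag on that path or document that the flag is meaningless after a failed read.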
 .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs openssl.org
Automated List Manager                           majordomo openssl.org