[openssl-dev] [openssl.org #3915] BUG/PATCH: ssl_sess.c no longer compiles when no-tlsext is specified

2015-06-18 Thread geoff_l...@mcafee.com via RT
From ticket 2720, it seems the official position is that no-tlsext is NOT supported. However, for those who still try to use it, the recent fixes for CVE-2015-1791 seem to have introduced more problems for the 0.9.8 code base (and maybe others - not sure). This report can be added to RT#2720.

[openssl.org #3365] Wrong parameter types in SSL_set_msg_callback[_arg] man page

2014-05-24 Thread geoff_l...@mcafee.com via RT
SSL_CTX_set_msg_callback.pod lists the first parameter to the SSL_set_msg_callback[_arg] functions as type SSL_CTX * when they are, in fact, SSL *. Geoff - Geoff Lowe Principal Engineer McAfee, Inc.

[openssl.org #3037] [PATCH] so 1.0.1e will build with no-tlsext option specified

2013-05-03 Thread geoff_l...@mcafee.com via RT
These patches primarily move around a few #ifdefs so that 1.0.1e will compile when the no-tlsext option is specified. Note that when no-tlsext is specified, no-srtp is forced now too in addition to no-srp and no-heartbeats. I'm not 100% confident in these changes, so I'd appreciate some level

[openssl.org #3013] Sending SCSV when TLS extensions are disabled

2013-03-12 Thread geoff_l...@mcafee.com via RT
Don't send SCSV if TLS extensions are disabled. Applies to 1.0.1e also. Also see Ticket #2788. (I did not investigate item #2 in that Ticket though.) system:lowe/FIXED/openssl-0.9.8y/ssl 28% diff -p ~/working/openssl-0.9.8y/ssl/ssl_lib.c ./ssl_lib.c ***

[openssl.org #2999] Incomplete fix to remove SSL3_RECORD->orig_len

2013-02-26 Thread geoff_l...@mcafee.com via RT
On 0.9.8 branch: ssl/t1_enc.c tls1_mac() approximately line 771: #ifdef OPENSSL_FIPS if (!send && FIPS_mode()) tls_fips_digest_extra( ssl->enc_read_ctx, hash,