There appears to be a bug in s3_read_bytes when trying to make a
connection to a port open for a non-TLS service. As the comment
indicates, the TLS client just ignores records that it doesn't know about,
but the current code does not try to get a new record and ends up
looping on the same record.

The relatively straightforward patch against 0.9.6b (I checked that
the just-released 0.9.6c has the same problem) forces a check for a
new record at the top of the record parsing loop.

I'm not on the dev list (anymore), but if you could cc me on any
discussion I would appreciate it.
\p
---
The worst thing in this world, next to anarchy, is government
--- Reverend Henry Ward Beecher
-- cut here --
diff -ur openssl-0.9.6b-orig/ssl/s3_pkt.c openssl-0.9.6b-qualys/ssl/s3_pkt.c
--- openssl-0.9.6b-orig/ssl/s3_pkt.c Mon Dec 25 10:41:37 2000
+++ openssl-0.9.6b-qualys/ssl/s3_pkt.c Fri Dec 21 12:51:07 2001
@@ -1053,10 +1053,17 @@
{
default:
#ifndef NO_TLS
- /* TLS just ignores unknown message types */
+ /* TLS just ignores unknown message types
+ *
+ * dpc - 2001-12-20 - FixMe - However, we have to
+ * 'drop' the current record and get a new one
+ * otherwise we'll be looping on the same record
+ * forever.
+ */
if (s->version == TLS1_VERSION)
{
- goto start;
+ rr->length = 0;
+ goto start;
}
#endif
al=SSL_AD_UNEXPECTED_MESSAGE;
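Review bot: the comment added above `rr->length = 0;` is tagged "FixMe", which reads as an open problem even though the line beneath it is the fix; reword it as a plain explanation and leave the initials and date to the change log. The `goto start;` line is removed and re-added with no visible difference, so it looks like a whitespace-only edit; keeping the original indentation would reduce the hunk to the one added assignment. Since the code at `start` is outside the visible context, the comment should also say that a zero `rr->length` is what makes that code fetch the next record, so a reader can check that the reset is sufficient. The reset sits inside the `s->version == TLS1_VERSION` branch only, which matches the comment, but it is worth confirming that no other path reaches `goto start` with an unconsumed record.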
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
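The looping behaviour described in the message, as an added example that is not part of the original post and is not OpenSSL code: a simplified model of a record loop that fetches a new record only when the current one has length 0. The struct layout, the function names, the record type 99 and the iteration cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, not OpenSSL code. 99 is a constructed "unknown" type. */
enum { REC_APPDATA = 23, REC_UNKNOWN = 99 };
struct record { int type; size_t length; };
struct conn {
    const struct record *wire;   /* constructed records "on the wire" */
    size_t n_wire, next;
    struct record rr;            /* current record; length 0 = consumed */
};

/* Load the next record from the wire; returns 0 when none are left. */
static int get_record(struct conn *c)
{
    if (c->next >= c->n_wire) return 0;
    c->rr = c->wire[c->next++];
    return 1;
}

/* Returns the application data length delivered, 0 at end of input, or -1
 * when max_iter passes are exceeded (stand-in for looping forever). */
static long read_bytes(struct conn *c, int drop_unknown, int max_iter)
{
    int iter = 0;
start:
    if (++iter > max_iter) return -1;
    /* A new record is fetched only if the current one is used up. */
    if (c->rr.length == 0 && !get_record(c)) return 0;
    if (c->rr.type == REC_APPDATA) {
        long n = (long)c->rr.length;
        c->rr.length = 0;
        return n;
    }
    /* Unknown type: ignored. Without the reset the same record is re-read. */
    if (drop_unknown) c->rr.length = 0;   /* the assignment the patch adds */
    goto start;
}

/* Constructed input: one unknown record followed by application data. */
static long run_model(int drop_unknown)
{
    static const struct record wire[] = { {REC_UNKNOWN, 5}, {REC_APPDATA, 7} };
    struct conn c = { wire, 2, 0, {0, 0} };
    return read_bytes(&c, drop_unknown, 1000);
}

int main(void)
{
    printf("without reset: %ld\nwith reset: %ld\n", run_model(0), run_model(1));
    return 0;
}
```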