In message <[EMAIL PROTECTED]> on Wed, 14 Jan 2004 18:35:52 +0200, Adi Stav <[EMAIL PROTECTED]> said:
AdiS> In versions engine-0.9.6l and engine-0.9.6k it is no longer possible to
AdiS> connect using the EXP1024-DES-CBC-SHA cipher suite:
The following patch (or a recent snapshot of the 0.9.6 branch) fixes
the problem:
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.31.2.18
retrieving revision 1.31.2.19
diff -u -r1.31.2.18 -r1.31.2.19
--- ssl/s3_clnt.c 27 Sep 2003 19:32:12 -0000 1.31.2.18
+++ ssl/s3_clnt.c 28 Nov 2003 23:03:16 -0000 1.31.2.19
@@ -1786,7 +1786,7 @@
if (algs & SSL_kRSA)
{
if (rsa == NULL
- || RSA_size(rsa) >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || RSA_size(rsa)*8 >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
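Review bot: The changed condition `RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(...)` depends on a unit conversion that is not documented anywhere in the check: the `*8` turns a byte count into bits, and the removed line shows how easily the two units get compared directly. A one-line comment stating that the export limit is in bits would guard against a regression. Since a byte count times 8 rounds the key length up to a multiple of 8, comparing `BN_num_bits(rsa->n)` against the limit would test the exact bit length instead.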
@@ -1798,7 +1798,7 @@
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
- || DH_size(dh) >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || DH_size(dh)*8 >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;
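Review bot: In the DH branch, `dh == NULL` and `DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(...)` still share the single reason SSL_R_MISSING_EXPORT_TMP_DH_KEY, so a temporary key that is present but longer than the export limit is reported as missing. Consider a separate reason code for the over-length case (the RSA branch has the same pattern), so that a failed handshake points at key length rather than at an absent key.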
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]