Hi, I am using openssl-1.0.0d and have been applying patches provided earlier and was able to apply this patch cleanly but it fails compilation. The "listen" comes up as an undeclared identifier. Can you recheck the patch?
Thanks,
-Yogi

On Wed, Jul 6, 2011 at 11:41 AM, Robin Seggelmann via RT <r...@openssl.org> wrote:
> This patch fixes that the server increases the expected handshake sequence
> number while listening for new connections, although it's supposed to not
> change its state. The server also reflects the record sequence numbers of
> ClientHellos in its HelloVerifyRequest and ServerHello messages now to remain
> stateless, as described in
> http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis-06.
>
> Thanks to Yogesh Chopra for providing hints!
>
> Best regards
> Robin
>
> --- ssl/d1_srvr.c 25 May 2011 14:29:55 -0000 1.20.2.18 > +++ ssl/d1_srvr.c 6 Jul 2011 10:06:25 -0000 > @@ -167,6 +167,8 @@ > s->in_handshake++; > if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); > > + s->d1->listen = listen; > + > if (s->cert == NULL) > { > SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); > @@ -276,6 +278,12 @@ > > s->init_num=0; > > + /* Reflect ClientHello sequence to remain stateless > while listening */ > + if (listen) > + { > + memcpy(s->s3->write_sequence, > s->s3->read_sequence, sizeof(s->s3->write_sequence)); > + } > + > /* If we're just listening, stop here */ > if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) > {

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
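
Review bot: In the first hunk (@@ -167,6 +167,8 @@), `s->d1->listen = listen;` reads a local `listen` that nothing in this patch declares, so the patch only builds on a tree that already has that variable in this function; the reply above reports exactly this failure on openssl-1.0.0d. The diff header shows the patch was made against revision 1.20.2.18 of ssl/d1_srvr.c. Please name the prerequisite change in the description, or include the declaration and its initialisation in this patch. If the assignment is there to restore the flag after the `SSL_clear(s)` on the line before it, a one-line comment saying so would help.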
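
Review bot: In the second hunk (@@ -276,6 +278,12 @@), the `memcpy` is sized by the destination only, `sizeof(s->s3->write_sequence)`, which is safe only if `s->s3->read_sequence` is at least as large; neither declaration appears in the patch, so please confirm that or add a compile-time check on the two sizes. The copy is also guarded by `listen` alone, while the early return right after it additionally tests `s->state == SSL3_ST_SW_SRVR_HELLO_A`; if that difference is deliberate so that both the HelloVerifyRequest and the ServerHello reflect the ClientHello sequence, extend the comment to say so.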