Hi Yogesh,

The patch was created for the development version in the CVS; you can't use 
this patch for 1.0.0d without at least patch #2506 previously applied. So you 
either have to check out the 1.0.0-stable repository and apply the not yet 
applied patches #2550 and #2555 or you can use the cumulative patch for 1.0.0d 
from our website sctp.fh-muenster.de, which includes all patches since the last 
release.

I hope 1.0.0e will be released anytime soon, with the latest patches included. 
Makes things a lot easier.

Best regards
Robin


On Jul 6, 2011, at 11:29 PM, Yogesh Chopra wrote:

> Hi,
>   I am using openssl-1.0.0d and have been applying patches provided
> earlier and was able to apply this patch cleanly but it fails
> compilation. The "listen" comes up as an undeclared identifier.  Can
> you recheck the patch?
> 
> Thanks,
> -Yogi
> 
> On Wed, Jul 6, 2011 at 11:41 AM, Robin Seggelmann via RT <r...@openssl.org> 
> wrote:
>> This patch fixes that the server increases the expected handshake sequence 
>> number while listening for new connections, although it's supposed to not 
>> change its state. The server also reflects the record sequence numbers of 
>> ClientHellos in its HelloVerifyRequest and ServerHello messages now to 
>> remain stateless, as described in 
>> http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis-06.
>> 
>> Thanks to Yogesh Chopra for providing hints!
>> 
>> Best regards
>> Robin
>> 
>> 
>> 
>> 
>> --- ssl/d1_srvr.c       25 May 2011 14:29:55 -0000      1.20.2.18
>> +++ ssl/d1_srvr.c       6 Jul 2011 10:06:25 -0000
>> @@ -167,6 +167,8 @@
>>        s->in_handshake++;
>>        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
>> 
>> +       s->d1->listen = listen;
>> +
>>        if (s->cert == NULL)
>>                {
>>                SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
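Review bot: the added line "s->d1->listen = listen;" reads a local "listen" and writes a "listen" member of s->d1, and neither is declared anywhere in this diff, so the patch cannot build on a tree that lacks them. Name the prerequisite change in the patch description, or include the declarations in this patch.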
>> @@ -276,6 +278,12 @@
>> 
>>                        s->init_num=0;
>> 
>> +                       /* Reflect ClientHello sequence to remain stateless 
>> while listening */
>> +                       if (listen)
>> +                               {
>> +                               memcpy(s->s3->write_sequence, 
>> s->s3->read_sequence, sizeof(s->s3->write_sequence));
>> +                               }
>> +
>>                        /* If we're just listening, stop here */
>>                        if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
>>                                {
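Review bot: the memcpy into s->s3->write_sequence is sized by sizeof(s->s3->write_sequence) but reads from s->s3->read_sequence, so it is only correct while both arrays have the same length; add a compile-time check on the two sizes or size the copy by the smaller one. The new block also tests the local "listen" while the first hunk stores the same flag in s->d1->listen, so a short comment on which of the two is authoritative at this point would help.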
>> 
>> 
>> 
>> 
>> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
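
The sequence-number reflection that the patch description refers to, shown at the DTLS record layer as an added example (not part of this thread and not OpenSSL code). The function name, the sample bytes and the fixed DTLS 1.0 record version are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DTLS_HDR_LEN      13  /* type(1) version(2) epoch(2) seq(6) length(2) */
#define DTLS_CT_HANDSHAKE 22
#define DTLS_SEQ_OFF      3   /* epoch + sequence number occupy bytes 3..10 */
#define DTLS_SEQ_LEN      8

/* Constructed sample: header of a ClientHello record, epoch 0, sequence 5,
 * followed by a 2-byte dummy body (not a real handshake message). */
static const uint8_t sample_client_rec[] = {
    22, 0xFE, 0xFF, 0x00, 0x00, 0, 0, 0, 0, 0, 5, 0x00, 0x02, 0xAA, 0xBB
};

/* Build the record header for a reply (HelloVerifyRequest or ServerHello)
 * from the received datagram alone: no counter is kept or advanced on the
 * server side. Returns 0 on success, -1 if the datagram is malformed. */
int dtls_reflect_header(const uint8_t *rec, size_t len, uint16_t reply_body_len,
                        uint8_t out[DTLS_HDR_LEN])
{
    size_t body;

    if (rec == NULL || out == NULL || len < DTLS_HDR_LEN)
        return -1;                       /* truncated header */
    if (rec[0] != DTLS_CT_HANDSHAKE)
        return -1;                       /* only handshake records qualify */
    body = ((size_t)rec[11] << 8) | rec[12];
    if (body > len - DTLS_HDR_LEN)
        return -1;                       /* length field exceeds datagram */

    out[0] = DTLS_CT_HANDSHAKE;
    out[1] = 0xFE;                       /* DTLS 1.0 record version (assumed) */
    out[2] = 0xFF;
    memcpy(out + DTLS_SEQ_OFF, rec + DTLS_SEQ_OFF, DTLS_SEQ_LEN); /* reflect */
    out[11] = (uint8_t)(reply_body_len >> 8);
    out[12] = (uint8_t)(reply_body_len & 0xFF);
    return 0;
}

int main(void)
{
    uint8_t hdr[DTLS_HDR_LEN];
    if (dtls_reflect_header(sample_client_rec, sizeof(sample_client_rec), 25, hdr) != 0)
        return 1;
    printf("reply record sequence: %u\n", (unsigned)hdr[10]);
    return 0;
}
```

Calling the function twice on the same datagram yields the same header, which is the property a listening server needs when it must not change its own state.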


