Don't send SCSV if TLS extensions are disabled. Applies to 1.0.1e also.
Also see Ticket #2788. (I did not investigate item #2 in that Ticket though.)
system:lowe/FIXED/openssl-0.9.8y/ssl 28% diff -p
~/working/openssl-0.9.8y/ssl/ssl_lib.c ./ssl_lib.c
*** /home/lowe/working/openssl-0.9.8y/ssl/ssl_lib.c Tue Feb 5 05:58:59 2013
--- ./ssl_lib.c Mon Mar 11 16:18:15 2013
*************** int ssl_cipher_list_to_bytes(SSL *s,STAC
*** 1304,1309 ****
--- 1304,1310 ----
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
p+=j;
}
+ #ifndef OPENSSL_NO_TLSEXT
/* If p == q, no ciphers and caller indicates an error. Otherwise
* add SCSV if not renegotiating.
*/
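Review bot: The new `#ifndef OPENSSL_NO_TLSEXT` guard in ssl_cipher_list_to_bytes() means a client built without TLS extensions no longer signals RFC 5746 secure-renegotiation support at all, and the existing comment is left unchanged, so the code does not say why. Presumably the SCSV is dropped because such a build cannot process the renegotiation_info extension a server returns in answer to it; that reasoning is not visible in the patch and should be recorded. I would extend the comment along the lines of `/* Without TLSEXT we cannot parse the server's renegotiation_info reply, so do not offer SCSV; renegotiation in this build is not covered by RFC 5746. */`. The matching `#endif /* OPENSSL_NO_TLSEXT */` is in the second hunk, and the function body starts outside both hunks.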
*************** int ssl_cipher_list_to_bytes(SSL *s,STAC
*** 1319,1324 ****
--- 1320,1326 ----
fprintf(stderr, "SCSV sent by client\n");
#endif
}
+ #endif /* OPENSSL_NO_TLSEXT */
return(p-q);
}