SSLv2 support has been removed from master, but is still present in 1.0.2. Adding a range check in ssl_get_prev_session() broke the SSLv2 codepath because it supplied NULL as the 'limit' parameter that had not previously been used for SSLv2 (or v3), so the fix is just to supply a non-NULL limit.
Patch at https://github.com/openssl/openssl/pull/395 . _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
