On Wed, Jun 18, 2014, Steve Bush wrote:

>
> I downloaded openssl-0.9.8y and 0.9.8za and looked at all the changes and in
> ssl/s3_enc.c and ssl/t1_enc.c, the following lines were added in 0.9.8za to
> the "int ssl3_alert_code(int code)" and "int tls1_alert_code(int code)"
> functions to handle SSL_AD_UNRECOGNIZED_NAME
>

OpenSSL 0.9.8 before za didn't send an unrecognised name alert and its behaviour was inconsistent with 1.0.0 and later. The change fixed this.

Apache 2.2 specifically tells openssl to return an unrecognized name alert but due to the bug in 0.9.8 this wasn't actually done. If you'd used 2.2 with OpenSSL 1.0.0 or later you'd have seen this earlier. Apache later than 2.4 no longer tells OpenSSL to send the alert.

I'd suggest you update Apache so it no longer returns SSL_TLSEXT_ERR_ALERT_WARNING.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
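
One way to check from the client side whether a server is sending the alert discussed in this thread, as an added example that is not part of the original message or OpenSSL's own code: it walks the plaintext TLS records of a captured server flight and reports an unrecognized_name alert (description 112) together with its level. The function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wire values from the TLS specifications (RFC 5246, RFC 6066). */
enum { REC_ALERT = 21, LVL_WARNING = 1, LVL_FATAL = 2, AD_UNRECOGNIZED_NAME = 112 };

/* Result codes; these names belong to this example only. */
enum { SNI_PARSE_ERROR = -1, SNI_ALERT_NONE = 0, SNI_ALERT_WARNING = 1, SNI_ALERT_FATAL = 2 };

/* Constructed sample flights: an alert record and/or a stub handshake record. */
static const uint8_t flight_warn[]  = { 21, 3, 1, 0, 2, 1, 112,  22, 3, 1, 0, 4, 2, 0, 0, 0 };
static const uint8_t flight_fatal[] = { 21, 3, 1, 0, 2, 2, 112 };
static const uint8_t flight_plain[] = { 22, 3, 1, 0, 4, 2, 0, 0, 0 };

/* Walk the unencrypted records in buf and report an unrecognized_name alert. */
int find_unrecognized_name(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 5 || buf[off + 1] != 3)
            return SNI_PARSE_ERROR;             /* short header or not SSLv3/TLS */
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (rlen > len - off - 5)
            return SNI_PARSE_ERROR;             /* record body truncated */
        const uint8_t *body = buf + off + 5;
        /* A plaintext alert is exactly two bytes: level, description. */
        if (buf[off] == REC_ALERT && rlen == 2 && body[1] == AD_UNRECOGNIZED_NAME) {
            if (body[0] == LVL_WARNING) return SNI_ALERT_WARNING;
            if (body[0] == LVL_FATAL)   return SNI_ALERT_FATAL;
            return SNI_PARSE_ERROR;             /* undefined alert level */
        }
        off += 5 + rlen;                        /* next record */
    }
    return SNI_ALERT_NONE;
}

int main(void)
{
    printf("warn=%d fatal=%d plain=%d\n",
           find_unrecognized_name(flight_warn, sizeof flight_warn),
           find_unrecognized_name(flight_fatal, sizeof flight_fatal),
           find_unrecognized_name(flight_plain, sizeof flight_plain));
    return 0;
}
```

A warning-level result means the handshake can still continue, which matches a server whose servername callback returns SSL_TLSEXT_ERR_ALERT_WARNING.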