On Wed, Jun 18, 2014 at 12:45:20PM -0700, Steve Bush wrote:

> I downloaded openssl-0.9.8y and 0.9.8za

From openssl.org, or from a vendor-patched package?

> and looked at all the changes and in ssl/s3_enc.c and ssl/t1_enc.c, the
> following lines were added in 0.9.8za to the "int ssl3_alert_code(int
> code)" and "int tls1_alert_code(int code)" functions to handle
> SSL_AD_UNRECOGNIZED_NAME

In OpenSSL from openssl.org the change is:

    diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
    index 323d384..ad6b637 100644
    --- a/ssl/t1_enc.c
    +++ b/ssl/t1_enc.c
    @@ -853,6 +853,12 @@ int tls1_alert_code(int code)
    [...]
    +   case SSL_AD_UNRECOGNIZED_NAME:  return(TLS1_AD_UNRECOGNIZED_NAME);
    [...]
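
Review bot: the added `case SSL_AD_UNRECOGNIZED_NAME` in tls1_alert_code() changes what the function returns for this code, from the previous result (reported as -1 in the message quoted further down) to TLS1_AD_UNRECOGNIZED_NAME, and the visible line carries no comment saying that callers will now see a real alert value here. A one-line comment on the case or a changelog entry stating the intended behaviour would help. The hunk header says six lines were added and only one is shown, so the elided cases and the matching ssl3_alert_code() change in ssl/s3_enc.c should be reviewed together with this one.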

> I just confirmed that the change to ssl/t1_enc.c from 0.9.8y to 0.9.8za
> triggered this.  I commented out the line marked below in both files and
> it resolves my problem.
>
> [...snip...]
>     /*
>      * Commenting out this next line resolves my problem (causes this
>      * function to return -1 instead of SSL3_AD_HANDSHAKE_FAILURE)
>      */
>     case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE);
> [...snip...]

Where did the "HANDSHAKE_FAILURE" come from?  Did some vendor patchset
"improve" the code?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
