[openssl.org #367] s3_clnt.c ssl3_get_server_hello and SSL_SESSION cipher_id 0.9.7-b4

2002-11-27 Thread Lutz Jaenicke via RT

[[EMAIL PROTECTED] - Wed Nov 27 14:49:04 2002]:

> Sometime in the last couple of weeks the following change was made to
> s3_clnt.c
> 
> 698,699c699
> <   if (s->hit && (s->session->cipher != c))
> ---
> >   if (s->hit && (s->session->cipher_id != c->id))

...

This problem was already reported as #351 and has been fixed in the
meantime. The problem was introduced when working on #288.

Ticket merged into 288,
   Lutz


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



[openssl.org #367] s3_clnt.c ssl3_get_server_hello and SSL_SESSION cipher_id 0.9.7-b4

2002-11-27 Thread Jeffrey Altman via RT

Sometime in the last couple of weeks the following change was made to
s3_clnt.c

698,699c699
<   if (s->hit && (s->session->cipher != c))
---
>   if (s->hit && (s->session->cipher_id != c->id))
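
Review bot: the new condition on line 699 reads s->session->cipher_id, a field separate from the s->session->cipher pointer the removed line used, and nothing in the hunk shows cipher_id being assigned before this check runs with s->hit set. Either point to where the field is populated on the resumption path, or take the id through s->session->cipher when that pointer is non-NULL. The header 698,699c699 also covers two old lines while only one removed line appears, so the second replaced line should be included.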

The only problem is that at this point in time the cipher_id field of
the SSL_SESSION has not been set.  Therefore, this test fails.

If you do not trust the pointer comparison (and I wouldn't) the
following change does work

  if (s->hit && (s->session->cipher->id != c->id))

It is interesting to note that in i2d_SSL_SESSION() the following code
is used to determine the cipher id:


  if (in->cipher == NULL)
      l=in->cipher_id;
  else
      l=in->cipher->id;

This leads me to believe the proper change should look like:

  if (s->session->cipher == NULL)
      id=s->session->cipher_id;
  else
      id=s->session->cipher->id;
  if (s->hit && (id != c->id))

I do wonder why the SSL_SESSION cipher_id field is not consistently
set when the cipher itself is set.




 Jeffrey Altman * Volunteer Developer      Kermit 95 2.1 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and
 [EMAIL PROTECTED]                         OpenSSL.
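
Added example (not part of the original post and not OpenSSL source): a stand-alone C model of the three resumed-session cipher checks discussed above, run against a session whose cipher_id was never assigned. The CIPHER and SESSION types, the function names and all sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the structures named in the thread; only the
 * fields under discussion are modelled (assumption, not OpenSSL source). */
typedef struct { unsigned long id; } CIPHER;
typedef struct { const CIPHER *cipher; unsigned long cipher_id; } SESSION;

/* Removed line: pointer identity between cached and offered cipher. */
static int mismatch_by_pointer(const SESSION *s, const CIPHER *c) {
    return s->cipher != c;
}

/* Added line: only correct if cipher_id was filled in beforehand. */
static int mismatch_by_cipher_id(const SESSION *s, const CIPHER *c) {
    return s->cipher_id != c->id;
}

/* Order quoted from i2d_SSL_SESSION(): use cipher_id only when the cipher
 * pointer is NULL, otherwise read the id through the pointer. */
static int mismatch_with_fallback(const SESSION *s, const CIPHER *c) {
    unsigned long id = (s->cipher == NULL) ? s->cipher_id : s->cipher->id;
    return id != c->id;
}

/* Constructed sample values. */
static const CIPHER table_a = { 0x0300000AUL };  /* cached cipher object      */
static const CIPHER table_b = { 0x0300000AUL };  /* same id, distinct object  */
static const CIPHER other   = { 0x03000004UL };  /* genuinely different suite */
static const SESSION live     = { &table_a, 0 };         /* cipher_id unset */
static const SESSION restored = { NULL, 0x0300000AUL };  /* numeric id only */

/* Print 1 where a check would reject the resumed handshake, 0 otherwise. */
static void report(const char *what, const SESSION *s, const CIPHER *c) {
    printf("%-28s pointer=%d cipher_id=%d fallback=%d\n", what,
           mismatch_by_pointer(s, c), mismatch_by_cipher_id(s, c),
           mismatch_with_fallback(s, c));
}

int main(void) {
    report("live, same cipher object", &live, &table_a);
    report("live, same id other object", &live, &table_b);
    report("live, different cipher", &live, &other);
    report("restored, same id", &restored, &table_a);
    report("restored, different cipher", &restored, &other);
    return 0;
}
```

A value of 1 in a "same" row is a false rejection of a valid resumption; only the fallback column is 0 on every matching row and 1 on every differing row.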
