Lutz Jaenicke wrote:
On Fri, Sep 20, 2002 at 10:34:27AM +0200, Bodo Moeller wrote:
On Thu, Sep 19, 2002 at 01:44:01PM +0200, Bodo Moeller via RT wrote:
I don't know why that message is empty. What I wrote is that this
should now be fixed in the current snapshots (0.9.6-stable and
0.9.8-dev
On Thu, Sep 19, 2002 at 01:44:01PM +0200, Bodo Moeller via RT wrote:
I don't know why that message is empty. What I wrote is that this
should now be fixed in the current snapshots (0.9.6-stable and
0.9.8-dev -- seems I forgot about 0.9.7-stable, this will have the
fix tomorry).
--
Bodo
On Fri, Sep 20, 2002 at 10:34:27AM +0200, Bodo Moeller wrote:
On Thu, Sep 19, 2002 at 01:44:01PM +0200, Bodo Moeller via RT wrote:
I don't know why that message is empty. What I wrote is that this
should now be fixed in the current snapshots (0.9.6-stable and
0.9.8-dev -- seems I forgot
This SSLeay/OpenSSL behaviour appears to be correct; from RFC 2246:
session_id_length
This field must have a value of either zero or 16. If zero, the
client is creating a new session. If 16, the session_id field
Sorry, the RFC 2246 quote was incorrect -- the value 16 is for
SSL 2.0 session IDs only, and the SSLeay/OpenSSL interpretation
indeed is buggy.
__
OpenSSL Project http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
There seems to be a bug in ssl/s3_clnt.c in both 0.9.6g
and 0.9.7beta3. The problem is that the OpenSSL client software
will send an IllegalParameter alert and abort the handshake with certain SSLv3
and TLS servers.
In 0.9.6g, the code starts on line 643 (line 639 in 0.9.7beta3):
if ((j !=