forked from rpms/openssl
- do not add tls extensions to server hello for SSLv3 either
This commit is contained in:
parent
acba378bc3
commit
c59bdb11a0
@ -1,17 +1,27 @@
|
||||
Skip adding tls extensions to client hello when protocol version is
|
||||
not TLS.
|
||||
diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
|
||||
--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl 2007-10-19 09:44:10.000000000 +0200
|
||||
+++ openssl-0.9.8g/ssl/t1_lib.c 2007-12-13 17:22:10.000000000 +0100
|
||||
+++ openssl-0.9.8g/ssl/t1_lib.c 2008-08-10 21:42:11.000000000 +0200
|
||||
@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
|
||||
int extdatalen=0;
|
||||
unsigned char *ret = p;
|
||||
|
||||
+ if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
|
||||
+ {
|
||||
+ {
|
||||
+ return ret;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
ret+=2;
|
||||
|
||||
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
||||
@@ -202,6 +207,11 @@ unsigned char *ssl_add_serverhello_tlsex
|
||||
int extdatalen=0;
|
||||
unsigned char *ret = p;
|
||||
|
||||
+ if (s->version != TLS1_VERSION && s->version != DTLS1_VERSION)
|
||||
+ {
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
ret+=2;
|
||||
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
||||
Summary: The OpenSSL toolkit
|
||||
Name: openssl
|
||||
Version: 0.9.8g
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
# We remove certain patented algorithms from the openssl source tarball
|
||||
# with the hobble-openssl script which is included below.
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
@ -368,6 +368,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Sun Aug 10 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-11
|
||||
- do not add tls extensions to server hello for SSLv3 either
|
||||
|
||||
* Mon Jun 2 2008 Joe Orton <jorton@redhat.com> 0.9.8g-10
|
||||
- move root CA bundle to ca-certificates package
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user