27847ae318
- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final.
26 lines
942 B
Diff
26 lines
942 B
Diff
Adding struct member is ABI breaker however as the structure is always allocated by
|
|
the library calls we just move it to the end and it should be reasonably safe.
|
|
diff -up openssl-1.0.0-beta4/ssl/dtls1.h.dtls1-abi openssl-1.0.0-beta4/ssl/dtls1.h
|
|
--- openssl-1.0.0-beta4/ssl/dtls1.h.dtls1-abi 2009-11-12 14:34:37.000000000 +0100
|
|
+++ openssl-1.0.0-beta4/ssl/dtls1.h 2009-11-12 14:47:57.000000000 +0100
|
|
@@ -216,9 +216,6 @@ typedef struct dtls1_state_st
|
|
*/
|
|
record_pqueue buffered_app_data;
|
|
|
|
- /* Is set when listening for new connections with dtls1_listen() */
|
|
- unsigned int listen;
|
|
-
|
|
unsigned int mtu; /* max DTLS packet size */
|
|
|
|
struct hm_header_st w_msg_hdr;
|
|
@@ -242,6 +239,9 @@ typedef struct dtls1_state_st
|
|
unsigned int retransmitting;
|
|
unsigned int change_cipher_spec_ok;
|
|
|
|
+ /* Is set when listening for new connections with dtls1_listen() */
|
|
+ unsigned int listen;
|
|
+
|
|
} DTLS1_STATE;
|
|
|
|
typedef struct dtls1_record_data_st
|