diff options
| author | brad <> | 2005-10-12 21:39:08 +0000 |
|---|---|---|
| committer | brad <> | 2005-10-12 21:39:08 +0000 |
| commit | 491ee839bffb03a4e183d29374785ee713f1ffc2 (patch) | |
| tree | 46a121264fd449df0617273657f4ceae60049d70 | |
| parent | ab475d6c082063be3cdaf2f91789c785c1b95f57 (diff) | |
| download | openbsd-OPENBSD_3_7.tar.gz openbsd-OPENBSD_3_7.tar.bz2 openbsd-OPENBSD_3_7.zip | |
MFC:OPENBSD_3_7
Fix by markus@
fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
| -rw-r--r-- | src/lib/libssl/src/ssl/s23_srvr.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c index c5404ca0bc..0367cd2920 100644 --- a/src/lib/libssl/src/ssl/s23_srvr.c +++ b/src/lib/libssl/src/ssl/s23_srvr.c | |||
| @@ -519,9 +519,7 @@ int ssl23_get_client_hello(SSL *s) | |||
| 519 | } | 519 | } |
| 520 | 520 | ||
| 521 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; | 521 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; |
| 522 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || | 522 | if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) |
| 523 | use_sslv2_strong || | ||
| 524 | (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) | ||
| 525 | s->s2->ssl2_rollback=0; | 523 | s->s2->ssl2_rollback=0; |
| 526 | else | 524 | else |
| 527 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 | 525 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 |