diff options
| author | markus <> | 2005-10-11 14:49:22 +0000 |
|---|---|---|
| committer | markus <> | 2005-10-11 14:49:22 +0000 |
| commit | 164df6c092320de260e414cd3b3c781d4e6cf718 (patch) | |
| tree | 44cf4d382c7dba11f569f128670f9e85ac1a6aab | |
| parent | e1d1b24354f52fc5c2530e9ea0bb3b597ad92fc5 (diff) | |
| download | openbsd-164df6c092320de260e414cd3b3c781d4e6cf718.tar.gz openbsd-164df6c092320de260e414cd3b3c781d4e6cf718.tar.bz2 openbsd-164df6c092320de260e414cd3b3c781d4e6cf718.zip | |
fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
| -rw-r--r-- | src/lib/libssl/s23_srvr.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s23_srvr.c | 4 |
2 files changed, 2 insertions, 6 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index 92f3391f60..e9edc34328 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -528,9 +528,7 @@ int ssl23_get_client_hello(SSL *s) | |||
| 528 | } | 528 | } |
| 529 | 529 | ||
| 530 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; | 530 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; |
| 531 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || | 531 | if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) |
| 532 | use_sslv2_strong || | ||
| 533 | (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) | ||
| 534 | s->s2->ssl2_rollback=0; | 532 | s->s2->ssl2_rollback=0; |
| 535 | else | 533 | else |
| 536 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 | 534 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 |
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c index 92f3391f60..e9edc34328 100644 --- a/src/lib/libssl/src/ssl/s23_srvr.c +++ b/src/lib/libssl/src/ssl/s23_srvr.c | |||
| @@ -528,9 +528,7 @@ int ssl23_get_client_hello(SSL *s) | |||
| 528 | } | 528 | } |
| 529 | 529 | ||
| 530 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; | 530 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; |
| 531 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || | 531 | if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) |
| 532 | use_sslv2_strong || | ||
| 533 | (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) | ||
| 534 | s->s2->ssl2_rollback=0; | 532 | s->s2->ssl2_rollback=0; |
| 535 | else | 533 | else |
| 536 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 | 534 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 |