diff options
| author | markus <> | 2009-11-10 09:09:40 +0000 |
|---|---|---|
| committer | markus <> | 2009-11-10 09:09:40 +0000 |
| commit | fe6c9378da6c3c76e86e1fa03619eda8e4da9408 (patch) | |
| tree | 1ee3d60cfc9aa5a4238a876f10fd267d699c4e14 /src/lib/libssl/s3_pkt.c | |
| parent | 11d78159f32f020cba13d2025ccc5caa8b71aaae (diff) | |
| download | openbsd-fe6c9378da6c3c76e86e1fa03619eda8e4da9408.tar.gz openbsd-fe6c9378da6c3c76e86e1fa03619eda8e4da9408.tar.bz2 openbsd-fe6c9378da6c3c76e86e1fa03619eda8e4da9408.zip | |
pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 9476dcddf6..b98b84044f 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -985,6 +985,7 @@ start: | |||
| 985 | 985 | ||
| 986 | if (SSL_is_init_finished(s) && | 986 | if (SSL_is_init_finished(s) && |
| 987 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 987 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
| 988 | (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && | ||
| 988 | !s->s3->renegotiate) | 989 | !s->s3->renegotiate) |
| 989 | { | 990 | { |
| 990 | ssl3_renegotiate(s); | 991 | ssl3_renegotiate(s); |
| @@ -1117,7 +1118,8 @@ start: | |||
| 1117 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) | 1118 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) |
| 1118 | { | 1119 | { |
| 1119 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | 1120 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && |
| 1120 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | 1121 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
| 1122 | (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) | ||
| 1121 | { | 1123 | { |
| 1122 | #if 0 /* worked only because C operator preferences are not as expected (and | 1124 | #if 0 /* worked only because C operator preferences are not as expected (and |
| 1123 | * because this is not really needed for clients except for detecting | 1125 | * because this is not really needed for clients except for detecting |