author | Bodo Möller <bodo@openssl.org> | 2000-09-22 21:39:33 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2000-09-22 21:39:33 +0000 |
commit | f1192b7f2e2b6683333ee99ff7def5bb413dc3d2 (patch) | |
tree | 817d5d6087958de805c73db1b910d239300620ce /CHANGES | |
parent | dbba890cf11f5ec1e44166a51e0a4062ccdc5279 (diff) |
Avoid protocol rollback.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -4,6 +4,16 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) In ssl23_get_client_hello, generate an error message when faced + with an initial SSL 3.0/TLS record that is too small to contain the + first two bytes of the ClientHello message, i.e. client_version. + (Note that this is a pathologic case that probably has never happened + in real life.) The previous approach was to use the version number + from the record header as a subsitute; but our protocol choice + should not depend on that one because it is not authenticated + by the Finished messages. + [Bodo Moeller] + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is not set then we don't setup the error code for issuer check errors to avoid possibly overwriting other errors which the callback does |
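Review bot: The added CHANGES entry misspells "substitute" as "subsitute" in the sentence beginning "The previous approach was to use the version number". The entry also says only that ssl23_get_client_hello will "generate an error message" when the initial SSL 3.0/TLS record is too small to contain client_version. Please state explicitly whether the handshake is aborted at that point, since the rationale given (the record-header version is not authenticated by the Finished messages) only holds if no protocol choice is made from that record. Because the diffstat is limited to CHANGES, the code change itself is not visible here, so naming the error raised in the entry would let readers match it to the ssl23_get_client_hello change.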