diff options
author | Bodo Möller <bodo@openssl.org> | 2002-01-14 23:40:26 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2002-01-14 23:40:26 +0000 |
commit | 8c74b5e56ce4515c8f0c16a79788cf083f8c101e (patch) | |
tree | 26d1e17a85a2f42ffcc3a17c8e1e610c352b81f6 /CHANGES | |
parent | c59ba5b5287b6e4ab6bd8e097baab579622d8160 (diff) |
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -12,6 +12,19 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of + ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag + variable as an indication that a ClientHello message has been + received. As the flag value will be lost between multiple + invocations of ssl3_accept when using non-blocking I/O, the + function may not be aware that a handshake has actually taken + place, thus preventing a new session from being added to the + session cache. + + To avoid this problem, we now set s->new_session to 2 instead of + using a local variable. + [Lutz Jaenicke, Bodo Moeller] + *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if the SSL_R_LENGTH_MISMATCH error is detected. [Geoff Thorpe, Bodo Moeller] |