Fix SSL 2.0 rollback checking: The previous implementation of the

test was never triggered due to an off-by-one error. In s23_clnt.c, don't use special rollback-attack detection padding (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the client; similarly, in s23_srvr.c, don't do the rollback check if SSL 2.0 is the only protocol enabled in the server.
author: Bodo Möller <bodo@openssl.org> 2000-07-29 18:50:41 +0000
committer: Bodo Möller <bodo@openssl.org> 2000-07-29 18:50:41 +0000
commit: 37569e64e8012014a4b027d896da6c6cdf372507 (patch)
tree: 5a9b45aaab90f88ef9770f6d896e81f2fd6e7066 /ssl/s23_clnt.c
parent: a657546f9c376f4b7ba4dce14649598fb1a38de5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index aaedf6a9bb..99a4358255 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -366,7 +366,8 @@ static int ssl23_get_server_hello(SSL *s)
 			}
 
 		s->state=SSL2_ST_GET_SERVER_HELLO_A;
-		s->s2->ssl2_rollback=1;
+		if (!(s->client_version == SSL2_VERSION))
+			s->s2->ssl2_rollback=1;
 
 		/* setup the 5 bytes we have read so we get them from
 		 * the sslv2 buffer */
author	Bodo Möller <bodo@openssl.org>	2000-07-29 18:50:41 +0000
committer	Bodo Möller <bodo@openssl.org>	2000-07-29 18:50:41 +0000
commit	37569e64e8012014a4b027d896da6c6cdf372507 (patch)
tree	5a9b45aaab90f88ef9770f6d896e81f2fd6e7066 /ssl/s23_clnt.c
parent	a657546f9c376f4b7ba4dce14649598fb1a38de5 (diff)