author | Matt Caswell <matt@openssl.org> | 2015-02-27 16:52:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-02-27 20:31:28 +0000 |
commit | 6e20f556465f082dd4fdbd096a488e37528ddebf (patch) | |
tree | ac6ce604ca021f871d519c609e099e585478ac28 /ssl/ssl_asn1.c | |
parent | 87cd297d149495eca0735ec5653c19acaf69286e (diff) |
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index f8c265cdde..39d48eabf0 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 id = 0x02000000L |
 ((unsigned long)os.data[0] << 16L) |
 ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
- } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+ } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
+ || (ssl_version >> 8) == DTLS1_VERSION_MAJOR
+ || ssl_version == DTLS1_BAD_VER) {
 if (os.length != 2) {
 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
 c.line = __LINE__; |
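Review bot: The new three-way condition in d2i_SSL_SESSION carries no comment explaining why `DTLS1_BAD_VER` is compared as a whole value while the other two cases compare only the major byte; a reader has to know that its high byte matches neither `SSL3_VERSION_MAJOR` nor `DTLS1_VERSION_MAJOR`. I would add at the top of this branch something like `/* DTLS1_BAD_VER is the pre-standard DTLS version used by some Cisco appliances; its major byte is neither SSL3 nor DTLS1, so compare the full value */`. Replacing `>=` with `==` also turns the test into an allow-list, so a serialized session carrying any other major byte now falls through to whatever follows this branch, which is outside the hunk; it is worth confirming that path sets `c.error` and bails out rather than continuing with `id` unset. The function body starts and ends outside the hunk.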