diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-27 16:52:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-02-27 20:29:03 +0000 |
commit | af674d4e20a82c2a98767b837072d7093c70b1cf (patch) | |
tree | cbfb711fd1223e03240ca66b245901db7d66da0f /ssl/ssl_asn1.c | |
parent | eadf70d2c885e3e4e943091eabfec1e73d4f3883 (diff) |
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 63fe17f16e..dd02b4171a 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -410,7 +410,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, os.data = NULL; os.length = 0; M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); - if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + if ((ssl_version >> 8) == SSL3_VERSION_MAJOR + || (ssl_version >> 8) == DTLS1_VERSION_MAJOR + || ssl_version == DTLS1_BAD_VER) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; c.line = __LINE__; |