PR: 1629

Submitted by: Kaspar Brand <ossl-rt@velox.ch> Approved by: steve@openssl.org Don't use extensions if using SSLv3: this chokes some broken servers.
author: Dr. Stephen Henson <steve@openssl.org> 2009-04-28 22:01:53 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-04-28 22:01:53 +0000
commit: 18f8258a87bd3b4099f5ab6f788c7bc2bfa00f9c (patch)
tree: 59294fb4424e18c30dec3c4361f481da679924e6 /ssl
parent: 376bbb5887031a1404bc9654f7974fd612fbad59 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3c6907f608..bd849ac593 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -275,6 +275,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->client_version == SSL3_VERSION)
+		return p;
+
 	ret+=2;
 
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -472,6 +476,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->version == SSL3_VERSION)
+		return p;
+	
 	ret+=2;
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
author	Dr. Stephen Henson <steve@openssl.org>	2009-04-28 22:01:53 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-04-28 22:01:53 +0000
commit	18f8258a87bd3b4099f5ab6f788c7bc2bfa00f9c (patch)
tree	59294fb4424e18c30dec3c4361f481da679924e6 /ssl
parent	376bbb5887031a1404bc9654f7974fd612fbad59 (diff)