From 8ec16ce7110a9b60bb6a616c4f0ad2df6cb08894 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Wed, 15 Jan 2003 09:51:22 +0000
Subject: Really fix SSLv2 session ID handling

PR: 377
---
 CHANGES | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 4b11fc9c53..c3176727e5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -375,6 +375,15 @@ TODO: bug: pad  x  with leading zeros if necessary
  
  Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]
 
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
+
   *) IA-32 assembler support enhancements: unified ELF targets, support
      for SCO/Caldera platforms, fix for Cygwin shared build.
      [Andy Polyakov]
-- 
cgit v1.2.3