From ddc38679cedcd154eb18187b8c384b1a05f61fc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Mon, 21 Jul 2003 15:17:46 +0000
Subject: tolerate extra data at end of client hello for SSL 3.0

PR: 659
---
 ssl/s3_srvr.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ssl')

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e941068416..c2ac8cb2fc 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s)
 		}
 
 	/* TLS does not mind if there is extra stuff */
+#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
 	if (s->version == SSL3_VERSION)
 		{
 		if (p < (d+n))
@@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s)
 			goto f_err;
 			}
 		}
+#endif
 
 	/* Given s->session->ciphers and SSL_get_ciphers, we must
 	 * pick a cipher */
-- 
cgit v1.2.3