[Pkg-openssl-changes] r290 - in openssl/trunk: debian ssl

[kroeckx at alioth.debian.org]

Author: kroeckx
Date: 2008-03-23 17:52:37 +0000 (Sun, 23 Mar 2008)
New Revision: 290

Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/ssl/t1_lib.c
Log:
Don't add extentions to ssl v3 connections.  It breaks with some
other software.  (Closes: #471681, #471896)


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2008-03-23 17:49:34 UTC (rev 289)
+++ openssl/trunk/debian/changelog	2008-03-23 17:52:37 UTC (rev 290)
@@ -1,3 +1,10 @@
+openssl (0.9.8g-8) unstable; urgency=high
+
+  * Don't add extentions to ssl v3 connections.  It breaks with some
+    other software.  (Closes: #471681, #471896)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Sun, 23 Mar 2008 17:50:04 +0000
+
 openssl (0.9.8g-7) unstable; urgency=low
 
   * Upload to unstable.

Modified: openssl/trunk/ssl/t1_lib.c
===================================================================
--- openssl/trunk/ssl/t1_lib.c	2008-03-23 17:49:34 UTC (rev 289)
+++ openssl/trunk/ssl/t1_lib.c	2008-03-23 17:52:37 UTC (rev 290)
@@ -132,6 +132,10 @@
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->client_version == SSL3_VERSION)
+		return p;
+
 	ret+=2;
 
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -202,6 +206,10 @@
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->version == SSL3_VERSION)
+		return p;
+	
 	ret+=2;
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */