[openssl-commits] [openssl] OpenSSL_0_9_8-stable update

Dr. Stephen Henson steve at openssl.org
Wed Jan 7 18:13:20 UTC 2015 

The branch OpenSSL_0_9_8-stable has been updated
       via  df70302441a507da88d1761c47e80295247521a8 (commit)
       via  9c6c664041f8ac0306090e079448f1c4fa41556e (commit)
      from  11f719da38c5e9aa509aa518d11f71355cca7cd1 (commit)


- Log -----------------------------------------------------------------
commit df70302441a507da88d1761c47e80295247521a8
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jan 7 17:36:17 2015 +0000

    fix error discrepancy
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d)

commit 9c6c664041f8ac0306090e079448f1c4fa41556e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 6 21:12:15 2015 +0000

    use correct credit in CHANGES
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df)
    
    Conflicts:
    	CHANGES

-----------------------------------------------------------------------

Summary of changes:
 CHANGES       |    6 ++++--
 ssl/s3_clnt.c |    2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index ea460d6..573f2b7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,7 +7,8 @@
   *) Abort handshake if server key exchange message is omitted for ephemeral
      ECDH ciphersuites.
 
-     Thanks to Karthikeyan Bhargavan for reporting this issue.
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
      (CVE-2014-3572)
      [Steve Henson]
 
@@ -15,7 +16,8 @@
      violated the TLS standard by allowing the use of temporary RSA keys in
      non-export ciphersuites and could be used by a server to effectively
      downgrade the RSA key length used to a value smaller than the server
-     certificate. Thanks for Karthikeyan Bhargavan for reporting this issue.
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
      (CVE-2015-0204)
      [Steve Henson]
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 2402a06..3352e2d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1184,7 +1184,7 @@ int ssl3_get_key_exchange(SSL *s)
 		if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
 			{
 			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE);
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
 			goto f_err;
 			}
 		if ((rsa=RSA_new()) == NULL)

More information about the openssl-commits mailing list