[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Mon Mar 9 11:09:32 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 0d691e0e27a5eed8ece790830b8a2168348b1373 (commit)
from ae3fcdf1e5865b709aed4e66924197bc6191fc5b (commit)
- Log -----------------------------------------------------------------
commit 0d691e0e27a5eed8ece790830b8a2168348b1373
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Mon Mar 2 16:20:15 2015 +0000
Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.
RT#3711
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d)
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2845757..1f10054 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -270,7 +270,7 @@ void dtls1_clear(SSL *s)
ssl3_clear(s);
if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version = DTLS1_BAD_VER;
+ s->client_version = s->version = DTLS1_BAD_VER;
else if (s->method->version == DTLS_ANY_VERSION)
s->version = DTLS1_2_VERSION;
else
More information about the openssl-commits
mailing list