[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Sep 1 23:40:22 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  31472acf61fce8bbc39390ca96ff2f9da2dfafb8 (commit)
       via  28643a1615f4b09295a18d7ae0cb13adca8c8d00 (commit)
      from  dc0c888811cebfa2d21c844be0d81335fb2361da (commit)


- Log -----------------------------------------------------------------
commit 31472acf61fce8bbc39390ca96ff2f9da2dfafb8
Author: Hiroyuki YAMAMORI <h-yamamo at db3.so-net.ne.jp>
Date:   Wed Aug 26 15:06:22 2015 +0100

    Fix DTLS1.2 compression
    
    Backport of equivalent fix from master. The only compression
    method is stateful and hence incompatible with DTLS. The DTLS
    test was not working for DTLS1.2
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 28643a1615f4b09295a18d7ae0cb13adca8c8d00
Author: Hiroyuki YAMAMORI <h-yamamo at db3.so-net.ne.jp>
Date:   Wed Aug 26 15:04:09 2015 +0100

    Fix DTLS1.2 buffers
    
    Fix the setup of DTLS1.2 buffers to take account of the Header
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_both.c | 4 ++--
 ssl/ssl_lib.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 019e21c..09d0661 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -648,7 +648,7 @@ int ssl3_setup_read_buffer(SSL *s)
     unsigned char *p;
     size_t len, align = 0, headerlen;
 
-    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+    if (SSL_IS_DTLS(s))
         headerlen = DTLS1_RT_HEADER_LENGTH;
     else
         headerlen = SSL3_RT_HEADER_LENGTH;
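Review bot: The rewritten condition at the top of ssl3_setup_read_buffer drops the explicit DTLS1_BAD_VER comparison in favour of SSL_IS_DTLS(s), whose definition is not part of this patch. Please confirm that the macro is also true for DTLS1_BAD_VER connections, so they keep getting DTLS1_RT_HEADER_LENGTH. Since the commit message says the DTLS test was not working for DTLS1.2, a test that exercises the read buffer setup on a DTLS1.2 connection would keep this from regressing.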
@@ -687,7 +687,7 @@ int ssl3_setup_write_buffer(SSL *s)
     unsigned char *p;
     size_t len, align = 0, headerlen;
 
-    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+    if (SSL_IS_DTLS(s))
         headerlen = DTLS1_RT_HEADER_LENGTH + 1;
     else
         headerlen = SSL3_RT_HEADER_LENGTH;
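Review bot: Missing documentation on the "+ 1" in "headerlen = DTLS1_RT_HEADER_LENGTH + 1;" in ssl3_setup_write_buffer. The read path above uses DTLS1_RT_HEADER_LENGTH without the extra byte, and this branch now applies to every DTLS version rather than only DTLS1_VERSION and DTLS1_BAD_VER. A one-line comment stating what the extra byte is reserved for would let a reader check that the sizing is still right for DTLS1.2.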
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c0931e7..d72756a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1980,7 +1980,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 
     ret->extra_certs = NULL;
     /* No compression for DTLS */
-    if (meth->version != DTLS1_VERSION)
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
         ret->comp_methods = SSL_COMP_get_compression_methods();
 
     ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
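Review bot: The new test "meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS" dereferences meth->ssl3_enc with no NULL check in the visible lines of SSL_CTX_new. Please confirm that every SSL_METHOD that can reach this point has ssl3_enc set, or guard the dereference. Two smaller points: ssl/s3_both.c expresses the same question as SSL_IS_DTLS(s) while this file open-codes the flag test, so a short note that no SSL object exists yet here would explain the difference; and the comment "No compression for DTLS" could carry the reason given in the commit message (the only compression method is stateful).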

