[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Jan 10 12:37:40 UTC 2017

The branch OpenSSL_1_1_0-stable has been updated
       via  dc4667333bf5b712aa3c17b9713a6dda32d5feb1 (commit)
      from  db2fed4443042db3e7921810d944cfd15d347d08 (commit)

- Log -----------------------------------------------------------------
commit dc4667333bf5b712aa3c17b9713a6dda32d5feb1
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 9 17:29:44 2017 +0000

    Mark a HelloRequest record as read if we ignore it
    Otherwise the client will try to process it again. The second time around
    it will try and move the record data into handshake fragment storage and
    realise that there is no data left. At that point it marks it as read
    anyway. However, it is a bug that we go around the loop a second time, so
    we prevent that.
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2200)
    (cherry picked from commit 290a0419f0c13a30fb3a1d1a279125c8aeafd17e)


Summary of changes:
 ssl/record/rec_layer_s3.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index da1999b..fdc8190 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1297,7 +1297,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                         return (-1);
+            } else {
+                SSL3_RECORD_set_read(rr);
+        } else {
+            /* Does this ever happen? */
+            SSL3_RECORD_set_read(rr);
          * we either finished a handshake or ignored the request, now try

More information about the openssl-commits mailing list