[openssl-dev] [openssl.org #3704] OpenSSL HEAD breaks OpenConnect VPN client
David Woodhouse via RT
rt at openssl.org
Tue Feb 17 22:46:07 UTC 2015
This is the minimal fix to make d2i_SSL_SESSION() work. I've already
fixed OpenConnect to use it:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/5abb133f
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 63fe17f..cb526cf 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -410,7 +410,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
os.data = NULL;
os.length = 0;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
- if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+ if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR ||
+ ssl_version == DTLS1_BAD_VER) {
if (os.length != 2) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
c.line = __LINE__;
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150217/f52be1a1/attachment.bin>
More information about the openssl-dev
mailing list