[openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

Alessandro Ghedini via RT rt at openssl.org
Fri Oct 30 18:35:39 UTC 2015


On Fri, Oct 09, 2015 at 05:02:47pm +0000, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 07:57:21pm +0000, Alessandro Ghedini via RT wrote:
> > FYI, I just pushed another patch that does the above (moving the check and
> > sending an alert) which I think is the best option (although, as Hubert pointed
> > out, sending the decode_error alert is not a MUST). If that's ok with you, I
> > can squash the two commits together and give them a better message, otherwise
> > just ignore the second patch.
> 
> So, I went ahead and squashed all the commits into one [0] and also added the
> SSLv2 check as well. Can someone please have a look?

Ping? FYI I just rebased my patch at [0] on top of the state machine rewrite
commits in master (in fact I've rebased all my patches on master).

Cheers

[0] https://github.com/openssl/openssl/pull/437



