diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-27 16:52:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-02-27 20:32:49 +0000 |
commit | 5c921f14cb08044e40f03440c39c70d9fb321e92 (patch) | |
tree | 5d3ad8c619df9fa4711f54082975c238363fb354 | |
parent | d58a852fbd3c7ae2d71949c090a474235b69d693 (diff) | |
download | openssl-new-5c921f14cb08044e40f03440c39c70d9fb321e92.tar.gz |
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c
Conflicts:
ssl/dtls1.h
-rw-r--r-- | ssl/dtls1.h | 1 | ||||
-rw-r--r-- | ssl/ssl_asn1.c | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/ssl/dtls1.h b/ssl/dtls1.h index 442167a74c..8deb299a7c 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -85,6 +85,7 @@ extern "C" { # define DTLS1_VERSION 0xFEFF # define DTLS_MAX_VERSION DTLS1_VERSION +# define DTLS1_VERSION_MAJOR 0xFE # define DTLS1_BAD_VER 0x0100 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index f8c265cdde..39d48eabf0 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, id = 0x02000000L | ((unsigned long)os.data[0] << 16L) | ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2]; - } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR + || (ssl_version >> 8) == DTLS1_VERSION_MAJOR + || ssl_version == DTLS1_BAD_VER) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; c.line = __LINE__; |