diff options
author | bodo <bodo> | 2007-09-21 14:05:06 +0000 |
---|---|---|
committer | bodo <bodo> | 2007-09-21 14:05:06 +0000 |
commit | 624f6ea67217b0148942d22e1e4d199cc6592f65 (patch) | |
tree | dbf6a94842eaee3379ba3124965f9b8ebe0aefe9 | |
parent | 42f8ebfb2b6966f069e840a2943f855744b31d0e (diff) | |
download | openssl-624f6ea67217b0148942d22e1e4d199cc6592f65.tar.gz |
More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
now that ssl23_client_hello takes care of that
- fix buffer overrun checks in ssl_add_serverhello_tlsext()
-rw-r--r-- | ssl/s3_lib.c | 1 | ||||
-rw-r--r-- | ssl/t1_lib.c | 4 |
2 files changed, 2 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2bacb2601..95e893737 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1931,7 +1931,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; } - s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: s->tlsext_debug_arg=parg; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 21ddcc611..fabc634d6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -207,7 +207,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) { - if (limit - p - 4 < 0) return NULL; + if (limit - ret - 4 < 0) return NULL; s2n(TLSEXT_TYPE_server_name,ret); s2n(0,ret); @@ -216,7 +216,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { - if (limit - p - 4 < 0) return NULL; + if (limit - ret - 4 < 0) return NULL; s2n(TLSEXT_TYPE_session_ticket,ret); s2n(0,ret); } |