3f2f2de8bf
- VPN openconnect problem (DTLS handshake failed) (git 9fe4603b8, bnc#822642, openssl ticket#2984) (forwarded request 201079 from dmacvicar) OBS-URL: https://build.opensuse.org/request/show/201094 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=97
27 lines
988 B
Diff
27 lines
988 B
Diff
commit 9fe4603b8245425a4c46986ed000fca054231253
|
|
Author: David Woodhouse <dwmw2@infradead.org>
|
|
Date: Tue Feb 12 14:55:32 2013 +0000
|
|
|
|
Check DTLS_BAD_VER for version number.
|
|
|
|
The version check for DTLS1_VERSION was redundant as
|
|
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
|
|
check for DTLS1_BAD_VER for compatibility.
|
|
|
|
PR:2984
|
|
(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
|
|
|
|
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
|
|
index 02edf3f..443a31e 100644
|
|
--- a/ssl/s3_cbc.c
|
|
+++ b/ssl/s3_cbc.c
|
|
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
|
|
unsigned padding_length, good, to_check, i;
|
|
const unsigned overhead = 1 /* padding length byte */ + mac_size;
|
|
/* Check if version requires explicit IV */
|
|
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
|
|
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
|
|
{
|
|
/* These lengths are all public so we can test them in
|
|
* non-constant time.
|