Sorry I can't do diffs for this - this is something I stumbled across at
work, and the folk there are anal about code modifications leaving the
site...
In routine ssl_get_key_exchange, for handling EDH modes, there is a
    #ifndef NO_RSA
        if(<rsa key available>)
            pkey =
        else
    #endif
    #ifndef NO_DSA
        if(<dsa key available>)
            pkey =
    #endif
which if compiled with NO_DSA set, includes the next statement - the one
actually setting the temporary DH key - as the else clause. This
disables EDH modes in the client.
Fix - put a no-op statement like
    {;} /*no-op*/
after the second #endif to blank off the else
There may be more of these, but I've not stumbled across any. And I've
not looked at 0.9.5 since it came out too late in our release cycle.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
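
The preprocessor hazard described in the message above, reduced to a stand-alone C program. This is an added example, not part of the original post and not OpenSSL code; `struct keys`, `struct result`, `select_buggy` and `select_fixed` are hypothetical names, and `dh_set` stands in for the statement that sets the temporary DH key.

```c
#include <stdio.h>

#define NO_DSA 1   /* assumed build configuration: the one that triggers the bug */

struct keys   { int have_rsa, have_dsa; };
struct result { int pkey; int dh_set; };   /* pkey: 0 none, 1 RSA, 2 DSA */

/* Shape described in the post: with NO_DSA defined the trailing `else`
 * survives preprocessing and binds to the statement after the second #endif. */
static struct result select_buggy(struct keys k)
{
    struct result r = {0, 0};
#ifndef NO_RSA
    if (k.have_rsa)
        r.pkey = 1;
    else
#endif
#ifndef NO_DSA
    if (k.have_dsa)
        r.pkey = 2;
#endif
    r.dh_set = 1;           /* meant to be unconditional */
    return r;
}

/* Same code with the no-op from the post terminating the `else`. */
static struct result select_fixed(struct keys k)
{
    struct result r = {0, 0};
#ifndef NO_RSA
    if (k.have_rsa)
        r.pkey = 1;
    else
#endif
#ifndef NO_DSA
    if (k.have_dsa)
        r.pkey = 2;
#endif
    {;} /* no-op */
    r.dh_set = 1;
    return r;
}

int main(void)
{
    struct keys rsa_only = {1, 0};
    printf("buggy dh_set=%d, fixed dh_set=%d\n",
           select_buggy(rsa_only).dh_set, select_fixed(rsa_only).dh_set);
    return 0;
}
```

With an RSA key present the unpatched shape skips the DH assignment entirely, which matches the report that EDH is disabled; removing the `#define NO_DSA` line makes both functions behave the same.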