Open SSL Developers -
Ever try connecting to an SSLeay server that uses
SSLv23_server_method() via a telnet session and then closing the
session without sending any data?
When you do that in our server, it crashes trying to use the
handshake_func function in ssl23_read(), 'cuz handshake_func never got
initialized.
One fix that works is to change this code in the s23_srvr.c
ssl23_get_client_hello() routine from this:
n=ssl23_read_bytes(s,7);
if (n != 7) return(n);
to this:
n=ssl23_read_bytes(s,7);
if (n != 7) return -1;
In SSLeay-0.9.0b, that's lines 210 and 211.
>From a quick look at the current sources in OpenSSL, I'd say this
is still a problem.
Also, I'd say it's probably also lurking in s3_srvr.c, where
ssl3_get_client_hello return the number of bytes read by
ssl3_get_message when !ok and the caller is going to think the call to
ssl3_get_client_hello didn't fail.
TT
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
