At 03:47 PM 1/1/00 +0100, Christian Buysschaert wrote:
>Hello Bertie,
>
>Thanks for providing this patch!
>
>I've been testing it but have been unsuccessful in getting it
>to work. I'll provide my setup here perhaps somebody could
>point out some things I've been doing wrong?
>
There was a simple problem with the patch I provided in my initial mail. I
was checking that the incoming packet was an SSL 3.0 packet, this worked
for me as it was what my Explorer was setup to use, however if your browser
was using TLS 3.1 then my patch wouldn't come into effect.
In short in ssl/s3_srvr.c change
if ( b && b->length >= 6 && b->data[0] == 0x16 &&
b->data[1] == 0x03 &&
b->data[2] == 0x00 && b->data[5] == 0x01 )
{
s->state=SSL_ST_ACCEPT;
break;
}
to
if ( b && b->length >= 6 && b->data[0] == 0x16 &&
b->data[1] == 0x03 &&
b->data[5] == 0x01 )
{
s->state=SSL_ST_ACCEPT;
break;
}
Note the removal of the b->data[2] == 0x00 condition. This was restricting
the fix to SSL minor version 0
Let me know if this helps.
Bertie
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
