Hi

I think I found a bug (which has no real effect) in d2i_SSL_SESSION().

In the code snippet below from my point of view the SSL3_VERSION should
read SSL3_VERSION_MAJOR or even 3 (literal)!

        if ((ssl_version>>8) == SSL3_VERSION)
                i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
        else /* if (ssl_version == SSL2_VERSION) */
                i=SSL2_MAX_SSL_SESSION_ID_LENGTH;

This has no effect because SSL3_MAX_SSL_SESSION_ID_LENGTH and
SSL2_MAX_SSL_SESSION_ID_LENGTH are both defined to 32

And further up in the code the line

else if ((ssl_version>>8) == 3)

should then read the same.

regards

Matthias


______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

Reply via email to