Hi,

there is a bug in 0.9.9 (openssl-SNAP-20080815) which leads to a crash due to a NULL pointer. I can reproduce it when I use FireFox3 and an SSL server based on the snapshot version. From what I can see, it happens when FF3 makes the second connection. The most noticeable difference is that in the first handshake FF3 sends an empty SessionTicket TLS extension, whereas the second one contains a 160 byte session ticket.

The server application crashed while working on the client_hello message in s3_enc.c line 578

    if (s->s3->handshake_dgst[i]!= NULL)

because s->s3->handshake_dgst is NULL.

The call stack is:

    SSL_accept
    ssl23_accept
    ssl23_get_client_hello
    SSL_accept
    ssl3_accept
    ssl3_send_server_hello
    ssl3_do_write
    ssl3_finish_mac (s3_enc.c, line 578)

Bye
Jan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]