Unfortunately, there was newer code which was not yet covered by the patch. This caused an abbreviated handshake to fail.
--- ssl/ssl_lib.c 26 Aug 2010 14:22:40 -0000 1.176.2.19.2.2
+++ ssl/ssl_lib.c 27 Aug 2010 09:25:16 -0000
@@ -1383,7 +1383,7 @@
/* If p == q, no ciphers and caller indicates an error. Otherwise
* add SCSV if not renegotiating.
*/
- if (p != q && !s->new_session)
+ if (p != q && !s->renegotiate)
{
static SSL_CIPHER scsv =
{
@@ -1430,7 +1430,7 @@
(p[n-1] == (SSL3_CK_SCSV & 0xff)))
{
/* SCSV fatal if renegotiating */
- if (s->new_session)
+ if (s->renegotiate)
{
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
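Review bot: The SCSV rejection in this hunk now fails open whenever `s->renegotiate` is zero, and nothing in this patch shows where that field is set or cleared, so the check is only as strong as the code that maintains the flag. If any renegotiation path (client- or server-initiated, full or abbreviated) reaches the cipher-list parse with the flag still clear, an SCSV in a renegotiation ClientHello would be accepted instead of drawing the fatal alert. The same applies to the `Need RI if renegotiating` test in the last ssl/t1_lib.c hunk. I would add a comment above the test, `/* s->renegotiate must be non-zero for the whole of a renegotiation handshake, including a resumed one; a zero here accepts SCSV */`, and a regression test that renegotiates with session resumption and expects both rejections. The enclosing function starts and ends outside the hunk.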
--- ssl/t1_lib.c 27 Jun 2010 14:22:11 -0000 1.64.2.14.2.1
+++ ssl/t1_lib.c 27 Aug 2010 09:25:16 -0000
@@ -317,7 +317,7 @@
}
/* Add RI if renegotiating */
- if (s->new_session)
+ if (s->renegotiate)
{
int el;
@@ -969,7 +1003,7 @@
/* Need RI if renegotiating */
- if (!renegotiate_seen && s->new_session &&
+ if (!renegotiate_seen && s->renegotiate &&
!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
*al = SSL_AD_HANDSHAKE_FAILURE;
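Review bot: The header `@@ -969,7 +1003,7` moves the new side down by 34 lines, yet the only earlier ssl/t1_lib.c hunk shown (`@@ -317,7 +317,7`) adds none, so this diff appears to have been trimmed or taken against a tree carrying other local changes. Whatever was added between the two hunks is not visible here, and it cannot be ruled out that it touches `renegotiate_seen`, on which this missing-RI check depends. Regenerating the patch against a clean checkout, or posting the intervening hunks, would let a reviewer confirm that the failure branch is still reached on every renegotiation. The enclosing function starts and ends outside the hunk.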
