Re: [openssl-dev] [openssl.org #3704] OpenSSL HEAD breaks OpenConnect VPN client

David Woodhouse via RT Tue, 17 Feb 2015 16:10:35 -0800

This is the minimal fix to make d2i_SSL_SESSION() work. I've already
fixed OpenConnect to use it:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/5abb133f


diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 63fe17f..cb526cf 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -410,7 +410,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const 
unsigned char **pp,
     os.data = NULL;
     os.length = 0;
     M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
-    if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+    if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR ||
+       ssl_version == DTLS1_BAD_VER) {
         if (os.length != 2) {
             c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
             c.line = __LINE__;

-- 
David Woodhouse                            Open Source Technology Centre
[email protected]                              Intel Corporation

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3704] OpenSSL HEAD breaks OpenConnect VPN client

Reply via email to