>From ticket 2720, it seems the official position is that "no-tlsext" is NOT
>supported. However, for those who still try to use it, the recent fixes for
>CVE-2015-1791 seem to have introduced more problems for the 0.9.8 code base
>(and maybe others - not sure).
This report can be added to RT#2720.
@@ -151,12 +151,12 @@
* the case of an error whilst halfway through constructing dest
*/
dest->ciphers = NULL;
#ifndef OPENSSL_NO_TLSEXT
dest->tlsext_hostname = NULL;
-#endif
dest->tlsext_tick = NULL;
+#endif
memset(&dest->ex_data, 0, sizeof(dest->ex_data));
/* We deliberately don't copy the prev and next pointers */
dest->prev = NULL;
dest->next = NULL;
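Review bot: The relocated `#endif` here and the one in the second hunk are unlabelled, and in the second hunk the guarded region now spans two separate if-blocks, with its opening `#ifndef` outside that hunk. Labelling both as `#endif /* OPENSSL_NO_TLSEXT */` would make it easier to see which session fields are compiled out in a no-tlsext build. This matters here because these assignments null the pointers so that the error path's `SSL_SESSION_free(dest)` does not release memory that still belongs to `src`. Any pointer field left outside the correct guard either breaks the build or is left un-nulled.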
@@ -185,20 +185,20 @@
dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
if (dest->tlsext_hostname == NULL) {
goto err;
}
}
-#endif
if (ticket != 0) {
dest->tlsext_tick = BUF_memdup(src->tlsext_tick,
src->tlsext_ticklen);
if(dest->tlsext_tick == NULL)
goto err;
} else {
dest->tlsext_tick_lifetime_hint = 0;
dest->tlsext_ticklen = 0;
}
+#endif
return dest;
err:
SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(dest);
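Review bot: The `ticket != 0` branch that this hunk moves inside the `OPENSSL_NO_TLSEXT` guard duplicates `src->tlsext_tick` without first checking that the source session holds a ticket. If `BUF_memdup` returns NULL for a NULL source pointer, as I believe it does, a ticketless session takes the `goto err` path and is reported as `ERR_R_MALLOC_FAILURE`, failing the whole duplication. Consider `if (ticket != 0 && src->tlsext_tick != NULL) {` so the copy is attempted only when there is data to copy; the existing `else` branch then zeroes `tlsext_tick_lifetime_hint` and `tlsext_ticklen` for that case too. The enclosing function (apparently `ssl_session_dup`, going by the error code) starts before this hunk and continues past it.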
Geoff