I think this is the right change. However, I see that there is another
"len-tot" in the following conditional block
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
This is within the same function. I wonder whether that line is also prone to
the same issue and need the sa
Hi,
This happens in the 0.9.8 branch for sure (event in the latest y version). Not
sure if it is there in 1.x versions.
The problem is with code in s3_pkt.c: the ssl3_write_bytes() function.
Within this function, there is a line, n=(len-tot). Here if 'len' is less than
'tot' then the result is a