author | wtc%google.com <devnull@localhost> | 2008-02-14 02:18:48 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2008-02-14 02:18:48 +0000 |
commit | 5549259225094dd3e96cfd66fc206804c74dd709 (patch) | |
tree | 3b423ac933342b85c086ea8d742826f7f8c6830f | |
parent | 750eb294e7be605f0efc8effebe742ec59b1bc09 (diff) | |
download | nss-hg-5549259225094dd3e96cfd66fc206804c74dd709.tar.gz |
Bug 403563: removed unused macro DISALLOW_SERVER_HELLO_EXTENSIONS. Added
a block comment to explain what we don't do.
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 910144bcf..a0845e6ef 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4654,16 +4654,21 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
     }
     ss->ssl3.hs.compression = (SSL3CompressionMethod)temp;
-#ifndef DISALLOW_SERVER_HELLO_EXTENSIONS
-    if (isTLS && length > 0) {
+    /* Note that if !isTLS && length != 0, we do NOT goto alert_loser.
+     * There are some old SSL 3.0 implementations that do send stuff
+     * after the end of the server hello, and we deliberately ignore
+     * such stuff in the interest of maximal interoperability (being
+     * "generous in what you accept").
+     */
+    if (isTLS && length != 0) {
 	SECItem extensions;
 	rv = ssl3_ConsumeHandshakeVariable(ss, &extensions, 2, &b, &length);
 	if (rv != SECSuccess || length != 0)
 	    goto alert_loser;
 	rv = ssl3_HandleHelloExtensions(ss, &extensions.data, &extensions.len);
-	if (rv != SECSuccess) goto alert_loser;
+	if (rv != SECSuccess)
+	    goto alert_loser;
     }
-#endif
     /* Any errors after this point are not "malformed" errors. */
     desc = handshake_failure;
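Review bot: The new block comment explains why trailing bytes after an SSL 3.0 ServerHello are tolerated, but not why silently discarding them is safe, which is the question a security reader will ask first; the justification only holds if the whole handshake message, including the ignored tail, was already folded into the handshake hashes before this handler ran, so that the Finished exchange still authenticates it. If that is the case (I cannot see the caller from this hunk), I would append one line to the comment: ` * The ignored bytes are still covered by the handshake hashes, so they cannot be tampered with undetected.` On the TLS path, ssl3_HandleHelloExtensions is outside the hunk, so I cannot confirm it rejects extensions the client never offered; if it does not, this is the place to enforce that before the call. ssl3_HandleServerHello begins and ends outside the hunk.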