diff options
author | nelsonb%netscape.com <devnull@localhost> | 2000-06-06 20:32:18 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2000-06-06 20:32:18 +0000 |
commit | 09d7413f35b2d70553a53db04e9ee6ee5488f3c8 (patch) | |
tree | eaab11db52629dae2160865711ec39f3451250b5 | |
parent | 96abdc75f33b12430fc4d1a324325792e2de3285 (diff) | |
download | nss-hg-09d7413f35b2d70553a53db04e9ee6ee5488f3c8.tar.gz |
Carry forward fix from NSS 2.8 for servers that don't do ssl2.
-rw-r--r-- | security/nss/lib/ssl/sslcon.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 16b1c8570..e4a3e3ecd 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c @@ -3429,11 +3429,15 @@ ssl2_HandleClientHelloMessage(sslSocket *ss) ssl_ReleaseRecvBufLock(ss); return rv; } - if (!ss->enableSSL2) { - PORT_SetError(SEC_ERROR_BAD_DATA); - ssl_ReleaseRecvBufLock(ss); - return SECFailure; - } + /* Previously, there was a test here to see if SSL2 was enabled. + ** If not, an error code was set, and SECFailure was returned, + ** without sending any error code to the other end of the connection. + ** That test has been removed. If SSL2 has been disabled, there + ** should be no SSL2 ciphers enabled, and consequently, the code + ** below should send the ssl2 error message SSL_PE_NO_CYPHERS. + ** We now believe this is the correct thing to do, even when SSL2 + ** has been explicitly disabled by the application. + */ /* Extract info from message */ ss->version = (data[1] << 8) | data[2]; |