diff options
author | Bodo Möller <bodo@openssl.org> | 2005-10-26 19:40:45 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2005-10-26 19:40:45 +0000 |
commit | 72dce7685ecd1017420af0a0497923a88d60735a (patch) | |
tree | cb86c5fa34affa787b5e181034ba733d18a372d5 | |
parent | ee8836c442409252931c3952606eb7aadfa334f1 (diff) | |
download | openssl-new-72dce7685ecd1017420af0a0497923a88d60735a.tar.gz |
Add fixes for CAN-2005-2969.
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
-rw-r--r-- | FAQ | 2 | ||||
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | STATUS | 5 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 2 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 7 | ||||
-rw-r--r-- | ssl/ssl.h | 2 |
6 files changed, 13 insertions, 10 deletions
@@ -73,7 +73,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.8 was released on July 5th, 2005. +OpenSSL 0.9.8a was released on October 11th, 2005. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: + + o Fix potential SSL 2.0 rollback, CAN-2005-2969 + o Extended Windows CE support + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: o Major work on the BIGNUM library for higher efficiency and to @@ -1,11 +1,14 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2005/07/05 19:16:24 $ + ______________ $Date: 2005/10/26 19:40:44 $ DEVELOPMENT STATE o OpenSSL 0.9.9: Under development... + o OpenSSL 0.9.8a: Released on October 11th, 2005 o OpenSSL 0.9.8: Released on July 5th, 2005 + o OpenSSL 0.9.7i: Released on October 15th, 2005 + o OpenSSL 0.9.7h: Released on October 11th, 2005 o OpenSSL 0.9.7g: Released on April 11th, 2005 o OpenSSL 0.9.7f: Released on March 22nd, 2005 o OpenSSL 0.9.7e: Released on October 25th, 2004 diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 5ab1b32f93..fa63263601 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -86,7 +86,7 @@ doing a re-connect, always takes the first cipher in the cipher list. =item SSL_OP_MSIE_SSLV2_RSA_PADDING -... +As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 7168385659..5bf37c94d6 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -250,9 +250,6 @@ int ssl23_get_client_hello(SSL *s) int n=0,j; int type=0; int v[2]; -#ifndef OPENSSL_NO_RSA - int use_sslv2_strong=0; -#endif if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { @@ -501,9 +498,7 @@ int ssl23_get_client_hello(SSL *s) } s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong || - (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) + if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 @@ -480,7 +480,7 @@ typedef struct ssl_session_st #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L |