Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
f1192b7f
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
f1192b7f
编写于
9月 22, 2000
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Avoid protocol rollback.
上级
dbba890c
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
25 addition
and
8 deletion
+25
-8
CHANGES
CHANGES
+10
-0
ssl/s23_srvr.c
ssl/s23_srvr.c
+13
-8
ssl/ssl.h
ssl/ssl.h
+1
-0
ssl/ssl_err.c
ssl/ssl_err.c
+1
-0
未找到文件。
CHANGES
浏览文件 @
f1192b7f
...
...
@@ -4,6 +4,16 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) In ssl23_get_client_hello, generate an error message when faced
with an initial SSL 3.0/TLS record that is too small to contain the
first two bytes of the ClientHello message, i.e. client_version.
(Note that this is a pathologic case that probably has never happened
in real life.) The previous approach was to use the version number
from the record header as a subsitute; but our protocol choice
should not depend on that one because it is not authenticated
by the Finished messages.
[Bodo Moeller]
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does
...
...
ssl/s23_srvr.c
浏览文件 @
f1192b7f
...
...
@@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
* SSLv3 or tls1 header
*/
v
[
0
]
=
p
[
1
];
/* major version */
v
[
0
]
=
p
[
1
];
/* major version
(= SSL3_VERSION_MAJOR)
*/
/* We must look at client_version inside the Client Hello message
* to get the correct minor version: */
v
[
1
]
=
p
[
10
];
/* However if we have only a pathologically small fragment of the
* Client Hello message, we simply use the version from the
* record header -- this is incorrect but unlikely to fail in
* practice */
* to get the correct minor version.
* However if we have only a pathologically small fragment of the
* Client Hello message, this would be difficult, we'd have
* to read at least one additional record to find out.
* This doesn't usually happen in real life, so we just complain
* for now.
*/
if
(
p
[
3
]
==
0
&&
p
[
4
]
<
6
)
v
[
1
]
=
p
[
2
];
{
SSLerr
(
SSL_F_SSL23_GET_CLIENT_HELLO
,
SSL_R_RECORD_TOO_SMALL
);
goto
err
;
}
v
[
1
]
=
p
[
10
];
/* minor version according to client_version */
if
(
v
[
1
]
>=
TLS1_VERSION_MINOR
)
{
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
...
...
ssl/ssl.h
浏览文件 @
f1192b7f
...
...
@@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
#define SSL_R_RECORD_TOO_SMALL 1093
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
...
...
ssl/ssl_err.c
浏览文件 @
f1192b7f
...
...
@@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
SSL_R_READ_WRONG_PACKET_TYPE
,
"read wrong packet type"
},
{
SSL_R_RECORD_LENGTH_MISMATCH
,
"record length mismatch"
},
{
SSL_R_RECORD_TOO_LARGE
,
"record too large"
},
{
SSL_R_RECORD_TOO_SMALL
,
"record too small"
},
{
SSL_R_REQUIRED_CIPHER_MISSING
,
"required cipher missing"
},
{
SSL_R_REUSE_CERT_LENGTH_NOT_ZERO
,
"reuse cert length not zero"
},
{
SSL_R_REUSE_CERT_TYPE_NOT_ZERO
,
"reuse cert type not zero"
},
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录