Changes between 1.0.1e and 1.0.1f [6 Jan 2014]

*) Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issue. (CVE-2013-4353)

*) Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need to be resent. (CVE-2013-6450) [Steve Henson]

*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. [Rob Stradling, Adam Langley]

stable/0.6
Christian Wiese
11 years ago
2 changed files with 3 additions and 49 deletions
@ -1,46 +0,0 @@
|
||||
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
|
||||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
|
||||
#
|
||||
# Filename: package/.../openssl/openssl-1.0.1e-SSL_get_certificate.patch
|
||||
# Copyright (C) 2013 The OpenSDE Project
|
||||
#
|
||||
# More information can be found in the files COPYING and README.
|
||||
#
|
||||
# This patch file is dual-licensed. It is available under the license the
|
||||
# patched project is licensed under, as long as it is an OpenSource license
|
||||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
|
||||
# of the GNU General Public License as published by the Free Software
|
||||
# Foundation; either version 2 of the License, or (at your option) any later
|
||||
# version.
|
||||
# --- SDE-COPYRIGHT-NOTE-END ---
|
||||
|
||||
From 147dbb2fe3bead7a10e2f280261b661ce7af7adc Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. Stephen Henson" <steve@openssl.org>
|
||||
Date: Mon, 11 Feb 2013 18:24:03 +0000
|
||||
Subject: [PATCH] Fix for SSL_get_certificate
|
||||
|
||||
Now we set the current certificate to the one used by a server
|
||||
there is no need to call ssl_get_server_send_cert which will
|
||||
fail if we haven't sent a certificate yet.
|
||||
---
|
||||
ssl/ssl_lib.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
||||
index 14d143d..ff5a85a 100644
|
||||
--- a/ssl/ssl_lib.c
|
||||
+++ b/ssl/ssl_lib.c
|
||||
@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
|
||||
/* Fix this function so that it takes an optional type parameter */
|
||||
X509 *SSL_get_certificate(const SSL *s)
|
||||
{
|
||||
- if (s->server)
|
||||
- return(ssl_get_server_send_cert(s));
|
||||
- else if (s->cert != NULL)
|
||||
+ if (s->cert != NULL)
|
||||
return(s->cert->key->x509);
|
||||
else
|
||||
return(NULL);
|
||||
--
|
||||
1.7.9.5
|
||||
|
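Review bot: the commit message reproduces the OpenSSL 1.0.1f changelog but never says why openssl-1.0.1e-SSL_get_certificate.patch is deleted. The removed file carries upstream commit 147dbb2fe3bead7a10e2f280261b661ce7af7adc (11 Feb 2013), which drops the `if (s->server) return(ssl_get_server_send_cert(s));` branch from SSL_get_certificate in ssl/ssl_lib.c. Please add a line stating that 1.0.1f already contains this change, and confirm it against the new source before merging; otherwise the update brings back the call to ssl_get_server_send_cert which, per the patch description, fails if a certificate has not been sent yet.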