Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
- *)
+ *) Disable the padding bug check when compression is in use. The padding
+ bug check assumes the first packet is of even length, this is not
+ necessarily true if compresssion is enabled and can result in false
+ positives causing handshake failure. The actual bug test is ancient
+ code so it is hoped that implementations will either have fixed it by
+ now or any which still have the bug do not support compression.
+ [Steve Henson]
Changes between 0.9.8a and 0.9.8b [04 May 2006]
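Review bot: The added CHANGES entry misspells "compression" as "compresssion" in its third line, and the sentence before it joins two clauses with a comma ("...is of even length, this is not necessarily true..."). Fix the spelling and split the sentence or use a semicolon. The entry says the check is disabled "when compression is in use" while the code tests `!s->expand`, so it would help to say here that this means the read side of the connection.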
{
ii=i=rec->data[l-1]; /* padding_length */
i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ /* NB: if compression is in operation the first packet
+ * may not be of even length so the padding bug check
+ * cannot be performed. This bug workaround has been
+ * around since SSLeay so hopefully it is either fixed
+ * now or no buggy implementation supports compression
+ * [steve]
+ */
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ && !s->expand)
{
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence,
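Review bot: With `&& !s->expand` in the new condition, SSL_OP_TLS_BLOCK_PADDING_BUG becomes a silent no-op whenever `s->expand` is set, so an application that sets the option has no indication that the workaround is off. Please state this in the option's documentation as well as in the code comment. The comment itself rests on "hopefully"; if a peer that has the bug and also supports compression does turn up, the failure mode should be spelled out here so it can be recognised. Style: `if ( (s->options&...` has a space after the opening parenthesis that the neighbouring `if ((memcmp(` does not, and the `[steve]` tag in the comment duplicates the attribution already in CHANGES.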