projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix wrong handling of session ID in SSLv2 client code.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 0922acb089f9ae40f409eacfbe26b7e0f1c3bacb..38e81e8a2fd073aadba41ae91c873480582508c9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -352,6 +352,15 @@ TODO: bug: pad  x  with leading zeros if necessary
  
  Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
 
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
   *) Change the declaration of needed Kerberos libraries to use EX_LIBS
      instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
      removed entirely.
Unnamed repository; edit this file 'description' to name the repository.