Bugfix: larger message size in ssl3_get_key_exchange() because

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 7ec91e58d224ab8e5b07933ec64be10897316e42..c969141757f078f83a832bbde193b9a869c17f18 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,9 +12,15 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
   +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
      bug workarounds. Rollback attack detection is a security feature.
-     The problem will only arise on OpenSSL servers, when TLSv1 is not
+     The problem will only arise on OpenSSL servers when TLSv1 is not
      available (sslv3_server_method() or SSL_OP_NO_TLSv1).
      Software authors not wanting to support TLSv1 will have special reasons
      for their choice and can explicitly enable this option.