tolerate extra data at end of client hello for SSL 3.0

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 084b9cfd8d984ea50c97fdab903f13bbd11e31c0..c2ac8cb2fc257450385196acb9c016c462d0b615 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s)
                }
 
        /* TLS does not mind if there is extra stuff */
+#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
        if (s->version == SSL3_VERSION)
                {
                if (p < (d+n))
@@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s)
                        goto f_err;
                        }
                }
+#endif
 
        /* Given s->session->ciphers and SSL_get_ciphers, we must
         * pick a cipher */
@@ -1709,7 +1713,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                 * made up by the adversary is properly formatted except
                                 * that the version number is wrong.  To avoid such attacks,
                                 * we should treat this just like any other decryption error. */
-                               p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20";
                                }
                        }