- CAN-2005-2969 fix from http://www.openssl.org/news/patch-CAN-2005-2969.txt

author Jakub Bogusz <qboosh@pld-linux.org>

Wed, 12 Oct 2005 11:30:59 +0000 (11:30 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author Jakub Bogusz <qboosh@pld-linux.org>
Wed, 12 Oct 2005 11:30:59 +0000 (11:30 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/openssl-CAN-2005-2969.patch b/openssl-CAN-2005-2969.patch

new file mode 100644 (file)

index 0000000..65dc393
--- /dev/null
+++ b/openssl-CAN-2005-2969.patch
@@ -0,0 +1,13 @@
+--- ssl/s23_srvr.c     25 Sep 2002 15:36:09 -0000      1.32.2.5
++++ ssl/s23_srvr.c     11 Oct 2005 00:00:00 -0000
+@@ -575,9 +575,7 @@
+                       }
+ 
+               s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+-              if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+-                      use_sslv2_strong ||
+-                      (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
++              if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+                       s->s2->ssl2_rollback=0;
+               else
+                       /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
author	Jakub Bogusz <qboosh@pld-linux.org>
	Wed, 12 Oct 2005 11:30:59 +0000 (11:30 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)