~ubuntu-branches/ubuntu/maverick/openssl/maverick-security

Viewing changes to ssl/s3_clnt.c

  • Committer: Bazaar Package Importer
  • Author(s): Steve Beattie
  • Date: 2010-12-02 16:24:31 UTC
  • Revision ID: james.westby@ubuntu.com-20101202162431-ahz2s8cizwq1odcz
Tags: 0.9.8o-1ubuntu4.3
* SECURITY UPDATE: ciphersuite downgrade vulnerability
  - openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch:
    disable workaround for Netscape cipher suite bug in ssl/s3_clnt.c
    and ssl/s3_srvr.c
  - CVE-2010-4180

815
815
                s->session->cipher_id = s->session->cipher->id;
816
816
        if (s->hit && (s->session->cipher_id != c->id))
817
817
                {
 
818
/* Workaround is now obsolete */
 
819
#if 0
818
820
                if (!(s->options &
819
821
                        SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
 
822
#endif
820
823
                        {
821
824
                        al=SSL_AD_ILLEGAL_PARAMETER;
822
825
                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
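
Review bot: the comment added at new line 818, "Workaround is now obsolete", does not say why the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG test at new lines 820-821 is compiled out, and "obsolete" undersells a change the changelog files under CVE-2010-4180 (ciphersuite downgrade). Suggest naming the CVE in the comment so the #if 0 block is not re-enabled later, or deleting the two dead lines outright instead of keeping them under #if 0. With the condition gone, a resumed session (s->hit) whose returned cipher id differs from s->session->cipher_id always reaches al=SSL_AD_ILLEGAL_PARAMETER and SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED, so the option becomes a silent no-op for clients that still set it; that belongs in the option's documentation. The brace opened at new line 823 is now a redundant nested block inside the outer if and could be folded into it.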