mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
Fix OpenSSL 0.9.8za patch for EAP-FAST support
OpenSSL 0.9.8za added a fix for CVE-2014-0224 and the original fix broke EAP-FAST support due to forgotten SSL3_FLAGS_CCS_OK marking for tls_session_secret_cb. Fix for this regression was added into OpenSSL 1.x and newer. The same fix is needed in this backport patch for 0.9.8za. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
c1f5bcb96f
commit
471debb0b3
@ -12,7 +12,7 @@ command line.
|
||||
diff -upr openssl-0.9.8za.orig/ssl/s3_clnt.c openssl-0.9.8za/ssl/s3_clnt.c
|
||||
--- openssl-0.9.8za.orig/ssl/s3_clnt.c 2014-06-05 11:09:26.000000000 +0300
|
||||
+++ openssl-0.9.8za/ssl/s3_clnt.c 2014-06-05 20:37:09.221387312 +0300
|
||||
@@ -767,6 +767,21 @@ int ssl3_get_server_hello(SSL *s)
|
||||
@@ -767,6 +767,22 @@ int ssl3_get_server_hello(SSL *s)
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@ diff -upr openssl-0.9.8za.orig/ssl/s3_clnt.c openssl-0.9.8za/ssl/s3_clnt.c
|
||||
+ {
|
||||
+ s->session->cipher=pref_cipher ?
|
||||
+ pref_cipher : ssl_get_cipher_by_char(s,p+j);
|
||||
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* OPENSSL_NO_TLSEXT */
|
||||
|
Loading…
Reference in New Issue
Block a user