X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs23_srvr.c;h=4da169eb31a97b7bf5348636e96becf5340f7b43;hb=f7a3296d8c8746b9901e95674425f300a6dfd1d4;hp=7168385659441bf1b7a5bb991fea10a9592bdf41;hpb=4ebb342fcd90562bce999dcc0915b16f816fbbf2;p=oweals%2Fopenssl.git

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 7168385659..4da169eb31 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -140,7 +140,7 @@ IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
 int ssl23_accept(SSL *s)
 	{
 	BUF_MEM *buf;
-	unsigned long Time=time(NULL);
+	unsigned long Time=(unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state;
@@ -250,9 +250,6 @@ int ssl23_get_client_hello(SSL *s)
 	int n=0,j;
 	int type=0;
 	int v[2];
-#ifndef OPENSSL_NO_RSA
-	int use_sslv2_strong=0;
-#endif
 
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
@@ -419,7 +416,9 @@ int ssl23_get_client_hello(SSL *s)
 		n2s(p,sil);
 		n2s(p,cl);
 		d=(unsigned char *)s->init_buf->data;
-		if ((csl+sil+cl+11) != s->packet_length)
+		if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
+		                                          * Client Hello, can we? Error condition should be
+		                                          * '>' otherweise */
 			{
 			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
 			goto err;
@@ -462,6 +461,15 @@ int ssl23_get_client_hello(SSL *s)
 		*(d++)=1;
 		*(d++)=0;
 		
+#if 0
+                /* copy any remaining data with may be extensions */
+	        p = p+csl+sil+cl;
+		while (p <  s->packet+s->packet_length)
+			{
+			*(d++)=*(p++);
+			}
+#endif
+
 		i = (d-(unsigned char *)s->init_buf->data) - 4;
 		l2n3((long)i, d_len);
 
@@ -501,9 +509,7 @@ int ssl23_get_client_hello(SSL *s)
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong ||
-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0