From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 28 Apr 2009 22:01:53 +0000 (+0000)
Subject: PR: 1629
X-Git-Tag: OpenSSL_1_0_0-beta3~107
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=18f8258a87bd3b4099f5ab6f788c7bc2bfa00f9c;p=oweals%2Fopenssl.git

PR: 1629
Submitted by: Kaspar Brand <ossl-rt@velox.ch>
Approved by: steve@openssl.org

Don't use extensions if using SSLv3: this chokes some broken servers.
---

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3c6907f608..bd849ac593 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -275,6 +275,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->client_version == SSL3_VERSION)
+		return p;
+
 	ret+=2;
 
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -472,6 +476,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->version == SSL3_VERSION)
+		return p;
+	
 	ret+=2;
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */