From: Lutz Jänicke Date: Sun, 29 Dec 2002 20:58:55 +0000 (+0000) Subject: Fix wrong handling of session ID in SSLv2 client code. X-Git-Tag: OpenSSL_0_9_7~5 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ef9d3a10c36aa30aa764923d42421395da4ce55d;p=oweals%2Fopenssl.git Fix wrong handling of session ID in SSLv2 client code. PR: 377 --- diff --git a/CHANGES b/CHANGES index afefb21303..a259bd33af 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.6h and 0.9.7 [XX xxx 2002] + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED + code (06) was taken as the first octet of the session ID and the last + octet was ignored consequently. As a result SSLv2 client side session + caching could not have worked due to the session ID mismatch between + client and server. + Behaviour observed by Crispin Flowerday as + PR #377. + [Lutz Jaenicke] + *) Change the declaration of needed Kerberos libraries to use EX_LIBS instead of the special (and badly supported) LIBKRB5. LIBKRB5 is removed entirely. diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 0bc04d284e..c6319bb63d 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -1014,7 +1014,7 @@ static int get_server_finished(SSL *s) * or bad things can happen */ /* ZZZZZZZZZZZZZ */ s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH); + memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH); } else {
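Review bot: In the CHANGES hunk, the new entry does not say where the fix lives and its wording is hard to parse ("the last octet was ignored consequently", "could not have worked"). Suggest naming get_server_finished() in ssl/s2_clnt.c in the entry and rewording along the lines of "the SERVER FINISHED code (06) was taken as the first octet of the session ID, so the last octet was dropped", so that a reader of CHANGES can tell that the stored ID was shifted by one byte and why it never matched the server's copy.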
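Review bot: In the ssl/s2_clnt.c hunk, the changed memcpy now reads SSL2_SSL_SESSION_ID_LENGTH bytes starting at p+1, so the source range ends one byte later than before, and the visible context shows no check that the received SERVER FINISHED message actually holds 1 + SSL2_SSL_SESSION_ID_LENGTH bytes. Please confirm that the read preceding this line guarantees that length, or add an explicit check before the copy; the existing comment ("or bad things can happen") suggests this spot is already known to be fragile. It would also help to replace the bare `p+1` with a short comment saying that the first byte is the message type code (06, per the CHANGES entry), so the offset is not mistaken for an off-by-one later.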