From b2c71c489ddeb82a551171d5cb9c80eb36375c30 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 15 Jan 2003 09:48:29 +0000 Subject: [PATCH] Really fix SSLv2 session ID handling PR: 377 --- CHANGES | 9 +++++++++ ssl/s2_clnt.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 2f4554b03f..85bd963ae9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly + checked on reconnect on the client side, therefore session resumption + could still fail with a "ssl session id is different" error. This + behaviour is masked when SSL_OP_ALL is used due to + SSL_OP_MICROSOFT_SESS_ID_BUG being set. + Behaviour observed by Crispin Flowerday as + followup to PR #377. + [Lutz Jaenicke] + *) IA-32 assembler support enhancements: unified ELF targets, support for SCO/Caldera platforms, fix for Cygwin shared build. [Andy Polyakov] diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index c6319bb63d..1d24dedc91 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s) if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { if ((s->session->session_id_length > sizeof s->session->session_id) - || (0 != memcmp(buf, s->session->session_id, + || (0 != memcmp(buf + 1, s->session->session_id, (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); -- 2.25.1