
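--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,16 @@
 
  Changes between 0.9.8 and 0.9.8a  [05 Jul 2005]]
 
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
   *) Add libcrypto.pc and libssl.pc for those who feel they need them.
      [Richard Levitte]
 
@@ -850,6 +860,16 @@
 
  Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
 
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
   *) Minimal support for X9.31 signatures and PSS padding modes. This is
      mainly for FIPS compliance and not fully integrated at this stage.
      [Steve Henson]
@@ -899,6 +919,9 @@
 
  Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
 
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Fixes for newer kerberos headers. NB: the casts are needed because
      the 'length' field is signed on one version and unsigned on another
      with no (?) obvious way to tell the difference, without these VC++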
(-)doc/ssl/SSL_CTX_set_options.pod (-1 / +1 lines)
Lines 86-92 Link Here
86
86
87
=item SSL_OP_MSIE_SSLV2_RSA_PADDING
87
=item SSL_OP_MSIE_SSLV2_RSA_PADDING
88
88
89
...
89
As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
90
90
91
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
91
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
92
92
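--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -250,9 +250,6 @@
 	int n=0,j;
 	int type=0;
 	int v[2];
-#ifndef OPENSSL_NO_RSA
-	int use_sslv2_strong=0;
-#endif
 
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
@@ -501,9 +498,7 @@
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong ||
-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0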
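Review bot: The new condition at line 501 that clears `s->s2->ssl2_rollback` has no comment saying when it is acceptable to skip the rollback check, and it mixes `&` and `&&` without grouping the two bit tests. I would write it as `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))` and put a comment above it such as `/* skip the rollback check only when this server has disabled both SSL 3.0 and TLS 1.0; SSL_OP_MSIE_SSLV2_RSA_PADDING no longer turns it off */`. The enclosing function starts and ends outside both hunks, so any remaining use of `use_sslv2_strong` between them is not visible here; with its declaration removed in the first hunk, that should be confirmed gone.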
(-)ssl/ssl.h (-1 / +1 lines)
Lines 480-486 Link Here
480
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
480
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
481
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
481
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
482
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
482
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
483
#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L
483
#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
484
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
484
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
485
#define SSL_OP_TLS_D5_BUG				0x00000100L
485
#define SSL_OP_TLS_D5_BUG				0x00000100L
486
#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
486
#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
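Review bot: The comment on the `SSL_OP_MSIE_SSLV2_RSA_PADDING` define says the option has no effect since 0.9.7h and 0.9.8b, while the CHANGES entry and the SSL_CTX_set_options.pod text in this same patch both place the change in 0.9.8a. One of the two is presumably a typo; if 0.9.8a is right, the comment should read `/* no effect since 0.9.7h and 0.9.8a */`. Since the bit stays defined and is described as part of SSL_OP_ALL, an accurate version here is what tells a reader of the header from which release the rollback countermeasure can no longer be switched off.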
