Vendor import of OpenSSL 0.9.8d.

author: simon <simon@FreeBSD.org> 2006-10-01 07:38:44 +0000
committer: simon <simon@FreeBSD.org> 2006-10-01 07:38:44 +0000
commit: 387e65d767783525d46f90e7415169ff0015f809 (patch)
tree: ddbe8498869205da709070fe1d40135d495b9326 /crypto/openssl/ssl/t1_enc.c
parent: fb3c70eda88d3175627edc6a3316b4508b3d29c5 (diff)
download: FreeBSD-src-387e65d767783525d46f90e7415169ff0015f809.zip
FreeBSD-src-387e65d767783525d46f90e7415169ff0015f809.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index c544c76..e0ce681 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -628,7 +628,15 @@ int tls1_enc(SSL *s, int send)
 			{
 			ii=i=rec->data[l-1]; /* padding_length */
 			i++;
-			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+			/* NB: if compression is in operation the first packet
+			 * may not be of even length so the padding bug check
+			 * cannot be performed. This bug workaround has been
+			 * around since SSLeay so hopefully it is either fixed
+			 * now or no buggy implementation supports compression 
+			 * [steve]
+			 */
+			if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+				&& !s->expand)
 				{
 				/* First packet is even in size, so check */
 				if ((memcmp(s->s3->read_sequence,
author	simon <simon@FreeBSD.org>	2006-10-01 07:38:44 +0000
committer	simon <simon@FreeBSD.org>	2006-10-01 07:38:44 +0000
commit	387e65d767783525d46f90e7415169ff0015f809 (patch)
tree	ddbe8498869205da709070fe1d40135d495b9326 /crypto/openssl/ssl/t1_enc.c
parent	fb3c70eda88d3175627edc6a3316b4508b3d29c5 (diff)
download	FreeBSD-src-387e65d767783525d46f90e7415169ff0015f809.zip FreeBSD-src-387e65d767783525d46f90e7415169ff0015f809.tar.gz