authorMaxim Konovalov <maxim@FreeBSD.org>2005-10-13 08:58:43 +0000
committerMaxim Konovalov <maxim@FreeBSD.org>2005-10-13 08:58:43 +0000
commitf4ca4d4006df010b54400d42189a07c891aba9dd (patch)
tree672168e20daf033b5a10c8427109e6f4d03f6b1f
parentfb208ca830a7e3d28edcba38368d20c39ec65ecb (diff)
o Merge FreeBSD-SA-05:21.openssl.
Approved by: so (cperciva)
Notes
Notes: svn path=/releng/4.9/; revision=151281
-rw-r--r--UPDATING3
-rw-r--r--crypto/openssl/ssl/s23_srvr.c7
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 5 insertions, 7 deletions
diff --git a/UPDATING b/UPDATING
index f14ac1d16922..0da4229ce374 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20051013: p21 FreeBSD-SA-05:21.openssl
+ Correct a man-in-the-middle SSL version rollback vulnerability.
+
20050910: p20 FreeBSD-SA-05:20.cvsbug
Correct insecure temporary file usage.
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
index c5404ca0bcd4..5139477eb780 100644
--- a/crypto/openssl/ssl/s23_srvr.c
+++ b/crypto/openssl/ssl/s23_srvr.c
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
int n=0,j;
int type=0;
int v[2];
-#ifndef OPENSSL_NO_RSA
- int use_sslv2_strong=0;
-#endif
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
@@ -519,9 +516,7 @@ int ssl23_get_client_hello(SSL *s)
}
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong ||
- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
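Review bot: The new `if` line has no comment explaining why the rollback check may be switched off here, and it mixes `&` and `&&` without grouping, which the removed version at least wrapped in outer parentheses. After this change `ssl2_rollback` is cleared only when both SSLv3 and TLSv1 are disabled on the server, so `SSL_OP_MSIE_SSLV2_RSA_PADDING` no longer has any effect at this site. A caller that still sets that option (presumably it stays defined in the headers, which this hunk does not show) gets no hint of that. I would write the test as `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))` and put above it `/* rollback detection is skipped only when the server cannot negotiate SSL 3.0 or TLS 1.0 at all; SSL_OP_MSIE_SSLV2_RSA_PADDING is deliberately ignored */`. The body of ssl23_get_client_hello starts before this hunk and continues past it, so the else branch is only partly visible.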
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 5cd7c9f44909..fc0f98a3ffd5 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p20"
+BRANCH="RELEASE-p21"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"