Upstream wolfssl already has better checks to detect broken ssl v2 ClientHellos, we can remove our hack. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 46168master
parent
9177e16098
commit
69a2459c66
@ -1,13 +0,0 @@ |
|||||||
--- a/src/internal.c
|
|
||||||
+++ b/src/internal.c
|
|
||||||
@@ -6353,6 +6353,10 @@ int ProcessReply(CYASSL* ssl)
|
|
||||||
b1 =
|
|
||||||
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
|
||||||
ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
|
|
||||||
+
|
|
||||||
+ /* does not appear to a be a SSLv2 client hello */
|
|
||||||
+ if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
|
|
||||||
+ return UNKNOWN_HANDSHAKE_TYPE;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
ssl->options.processReply = getRecordLayerHeader;
|
|
Loading…
Reference in new issue