More changes from HEAD:

- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2bacb2601eb35edd91e7efaf0d159ac39d61526d..95e893737cc46e2a5bf361e520609e21aaeb068a 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1931,7 +1931,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
                        return 0;
                        }
-               s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
                break;
        case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
                s->tlsext_debug_arg=parg;

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 21ddcc61163047a3015aead6f5bd38bbcaec2269..fabc634d688889a84a91ec77cb8e8a171018a28b 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -207,7 +207,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
        if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
                { 
-               if (limit - p - 4 < 0) return NULL; 
+               if (limit - ret - 4 < 0) return NULL; 
 
                s2n(TLSEXT_TYPE_server_name,ret);
                s2n(0,ret);
@@ -216,7 +216,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
        if (s->tlsext_ticket_expected
                && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) 
                { 
-               if (limit - p - 4 < 0) return NULL; 
+               if (limit - ret - 4 < 0) return NULL; 
                s2n(TLSEXT_TYPE_session_ticket,ret);
                s2n(0,ret);
                }