commit b575b54cb9fc211b5fc03bff36d62fa138ca9d98
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Oct 24 15:12:31 2014 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Nov 05 16:00:50 2014 +0100
tree 887e3efefdc52a2cf670e5376e022a6183af114c
parent dd4592774b9f40e8068f5620ca4a801840307e00

Forbid extended master secret with SSLv3

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f65338e..ad67c22 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -648,8 +648,11 @@
 
     ((void) buf);
 
-    if( ssl->extended_ms == SSL_EXTENDED_MS_ENABLED )
+    if( ssl->extended_ms == SSL_EXTENDED_MS_ENABLED &&
+        ssl->minor_ver != SSL_MINOR_VERSION_0 )
+    {
         ssl->handshake->extended_ms = SSL_EXTENDED_MS_ENABLED;
+    }
 
     return( 0 );
 }
@@ -1686,7 +1689,8 @@
 {
     unsigned char *p = buf;
 
-    if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_DISABLED )
+    if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_DISABLED ||
+        ssl->minor_ver == SSL_MINOR_VERSION_0 )
     {
         *olen = 0;
         return;