Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC
If a DTLS client that does not support secure renegotiation connects to an OpenSSL DTLS server then, by default, renegotiation is disabled. If a server application attempts to initiate a renegotiation then OpenSSL is supposed to prevent this. However, due to a discrepancy between the TLS and DTLS code, the server sends a HelloRequest anyway in DTLS. This is not a security concern because the handshake will still fail later in the process when the client responds with a ClientHello.

Reviewed-by: Tim Hudson <tjh@openssl.org>
1 parent 15a7164
opensslwrap.sh
#!/bin/sh

# Directory containing this script, with a trailing slash.
HERE="`echo "$0" | sed -e 's|[^/]*$||'`"
OPENSSL="${HERE}../apps/openssl"

# Point OPENSSL_ENGINES at the build tree unless the caller already set it.
if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then
	OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
fi

if [ -x "${OPENSSL}.exe" ]; then
	# The original reason for this script's existence is to work around
	# certain caveats in run-time linker behaviour. On Windows platforms
	# adjusting $PATH used to be sufficient, but with introduction of
	# SafeDllSearchMode in XP/2003 the only way to get it right in
	# *all* possible situations is to copy newly built .DLLs to apps/
	# and test/, which is now done elsewhere... The $PATH is adjusted
	# for backward compatibility (and nostalgic reasons:-).
	if [ "$OSTYPE" != msdosdjgpp ]; then
		PATH="${HERE}..:$PATH"; export PATH
	fi
	exec "${OPENSSL}.exe" "$@"
elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
	# Run through shlib_wrap.sh when it is present next to this script.
	exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
else
	exec "${OPENSSL}" "$@"	# hope for the best...
fi
