[erlang-patches] Fix to unknown ssl extension parsing

Ben Murphy <>
Tue Sep 27 02:13:26 CEST 2011


Hi all,

Here is a patch that fixes up the decoding of unknown extensions in SSL
Hello packets. The original code interpreted the length of unknown
extensions as being in bits instead of bytes so after reading one unknown
extension it would end up skipping the rest of the extensions (once it has
the wrong offset it keeps on reading corrupted extensions). I'm not exactly
sure about what impact the incorrect decoding could have. The only Hello
extension used in the SSL library is the secure renegotiation extension. It
may be possible that sometimes we will not perform secure negotiation when
it is available.

git fetch git://github.com/benmmurphy/otp.gitfix_unknown_ssl_extension_parsing
https://github.com/benmmurphy/otp/commit/5f7725dc581c7891cb41e725db50076d654511ba

I was able to run the new_ssl tests fine but I wasn't able to get the
old_ssl tests running on my machine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-patches/attachments/20110927/7bcbf69f/attachment.html>


More information about the erlang-patches mailing list