[erlang-patches] Fix to unknown ssl extension parsing
Ingela Anderton Andin
ingela@REDACTED
Tue Sep 27 17:01:13 CEST 2011
Hi!
We will accept the patch and leave the last clause as it is with a new
comment.
Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require
implementations to ignore data following the ClientHello (i.e.,
extensions) if they do not understand it.
Data not following the correct extension format will be considered not
understood.
Regards Ingela
Erlang/OTP team - Ericsson AB
Ben Murphy wrote:
> Hi all,
>
> Here is a patch that fixes up the decoding of unknown extensions in
> SSL Hello packets. The original code interpreted the length of unknown
> extensions as being in bits instead of bytes so after reading one
> unknown extension it would end up skipping the rest of the extensions
> (once it has the wrong offset it keeps on reading corrupted
> extensions). I'm not exactly sure about what impact the incorrect
> decoding could have. The only Hello extension used in the SSL library
> is the secure renegotiation extension. It may be possible that
> sometimes we will not perform secure negotiation when it is available.
>
> git fetch git://github.com/benmmurphy/otp.git fix_unknown_ssl_extension_parsing
> https://github.com/benmmurphy/otp/commit/5f7725dc581c7891cb41e725db50076d654511ba
>
> I was able to run the new_ssl tests fine but I wasn't able to get the
> old_ssl tests running on my machine.
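A reconstruction of the bits-versus-bytes mismatch the patch describes, added here as an illustrative example and not the OTP code or the commit's diff. The module name and the exact clause shapes are assumptions; the extension block is constructed, and the type 16#1234 is a made-up stand-in for any extension the library does not understand.

```erlang
-module(hello_ext_demo).
-export([extensions/0, decode_buggy/1, decode_fixed/1, run/0]).

%% Extension type for renegotiation_info (RFC 5746).
-define(RENEGOTIATION_EXT, 16#ff01).

%% Constructed ClientHello extension block (not a captured packet): an
%% unknown extension of hypothetical type 16#1234 carrying 8 bytes of
%% payload, followed by renegotiation_info with its 1-byte empty body.
extensions() ->
    Unknown = <<16#1234:16, 8:16, 16#AABBCCDDEEFF0011:64>>,
    Reneg   = <<?RENEGOTIATION_EXT:16, 1:16, 0:8>>,
    <<Unknown/binary, Reneg/binary>>.

%% Pre-fix shape of the unknown-extension clause (assumed): `_Unknown:Len`
%% with no type qualifier matches a Len-BIT integer, so an 8-byte payload
%% is skipped as a single byte and parsing resumes inside the payload.
decode_buggy(Bin) -> decode_buggy(Bin, []).

decode_buggy(<<?RENEGOTIATION_EXT:16, Len:16, Info:Len/binary, Rest/binary>>, Acc) ->
    decode_buggy(Rest, [{renegotiation_info, Info} | Acc]);
decode_buggy(<<_Type:16, Len:16, _Unknown:Len, Rest/binary>>, Acc) ->
    decode_buggy(Rest, Acc);
decode_buggy(_, Acc) ->
    %% Whatever no longer parses as an extension is treated as not understood.
    lists:reverse(Acc).

%% Post-fix shape: `/binary` makes Len a byte count, so the unknown
%% extension is stepped over exactly and renegotiation_info is found.
decode_fixed(Bin) -> decode_fixed(Bin, []).

decode_fixed(<<?RENEGOTIATION_EXT:16, Len:16, Info:Len/binary, Rest/binary>>, Acc) ->
    decode_fixed(Rest, [{renegotiation_info, Info} | Acc]);
decode_fixed(<<_Type:16, Len:16, _Unknown:Len/binary, Rest/binary>>, Acc) ->
    decode_fixed(Rest, Acc);
decode_fixed(_, Acc) ->
    lists:reverse(Acc).

%% The buggy decoder resynchronises on bytes BB CC DD EE of the payload,
%% sees a 56814-bit "length" it cannot satisfy, and drops out with no
%% extensions; the fixed decoder returns renegotiation_info.
run() ->
    Ext = extensions(),
    []                            = decode_buggy(Ext),
    [{renegotiation_info, <<0>>}] = decode_fixed(Ext),
    ok.
```

Compile with `erlc hello_ext_demo.erl` and call `hello_ext_demo:run().` in an Erlang shell; a peer that actually sent such an unknown extension ahead of renegotiation_info would, with the pre-fix clause, appear not to support secure renegotiation at all.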