Blame SOURCES/openssl-1.1.1-tls-compliance.patch
|
 |
b63792 |
diff -up openssl-1.1.1c/ssl/record/ssl3_record.c.compliance openssl-1.1.1c/ssl/record/ssl3_record.c
|
|
|
b63792 |
--- openssl-1.1.1c/ssl/record/ssl3_record.c.compliance 2019-05-28 15:12:21.000000000 +0200
|
|
|
b63792 |
+++ openssl-1.1.1c/ssl/record/ssl3_record.c 2019-11-25 13:10:53.890637381 +0100
|
|
|
b63792 |
@@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s)
|
|
|
b63792 |
RECORD_LAYER_reset_read_sequence(&s->rlayer);
|
|
|
b63792 |
return 1;
|
|
|
b63792 |
}
|
|
|
b63792 |
- SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
|
|
|
b63792 |
+ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
|
|
|
b63792 |
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
|
|
b63792 |
return -1;
|
|
|
b63792 |
}
|
|
|
b63792 |
diff -up openssl-1.1.1c/ssl/statem/extensions_srvr.c.compliance openssl-1.1.1c/ssl/statem/extensions_srvr.c
|
|
|
b63792 |
--- openssl-1.1.1c/ssl/statem/extensions_srvr.c.compliance 2019-05-28 15:12:21.000000000 +0200
|
|
|
b63792 |
+++ openssl-1.1.1c/ssl/statem/extensions_srvr.c 2019-11-25 13:12:59.329459528 +0100
|
|
|
b63792 |
@@ -1487,6 +1487,10 @@ EXT_RETURN tls_construct_stoc_status_req
|
|
|
b63792 |
unsigned int context, X509 *x,
|
|
|
b63792 |
size_t chainidx)
|
|
|
b63792 |
{
|
|
|
b63792 |
+ /* We don't currently support this extension inside a CertificateRequest */
|
|
|
b63792 |
+ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)
|
|
|
b63792 |
+ return EXT_RETURN_NOT_SENT;
|
|
|
b63792 |
+
|
|
|
b63792 |
if (!s->ext.status_expected)
|
|
|
b63792 |
return EXT_RETURN_NOT_SENT;
|
|
|
b63792 |
|