diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2003-01-15 17:56:47 +0300 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2003-01-15 17:56:47 +0300 |
commit | 0748cdc7f1775deac6b5bc0d583c7caa219a16b8 (patch) | |
tree | 986291f1aa413b5395383ee541d1953eeae68fe5 /CHANGES | |
parent | b2c71c489ddeb82a551171d5cb9c80eb36375c30 (diff) |
Fix initialization sequence to prevent freeing of unitialized objects.
Submitted by: Nils Larsch <nla@trustcenter.de>
PR: 459
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) DSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>, + Nils Larsch <nla@trustcenter.de> via PR#459) + [Lutz Jaenicke] + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly checked on reconnect on the client side, therefore session resumption could still fail with a "ssl session id is different" error. This |