Really fix SSLv2 session ID handling

PR: 377
author: Lutz Jänicke <jaenicke@openssl.org> 2003-01-15 12:48:29 +0300
committer: Lutz Jänicke <jaenicke@openssl.org> 2003-01-15 12:48:29 +0300
commit: b2c71c489ddeb82a551171d5cb9c80eb36375c30 (patch)
tree: c01434389afa668830cb59fe1b64de7b9a3bd3c0 /CHANGES
parent: 2ce906cee7b65fad297bd1866bfaf04c5437a93d (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 2f4554b03f..85bd963ae9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]
 
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
+
   *) IA-32 assembler support enhancements: unified ELF targets, support
      for SCO/Caldera platforms, fix for Cygwin shared build.
      [Andy Polyakov]
author	Lutz Jänicke <jaenicke@openssl.org>	2003-01-15 12:48:29 +0300
committer	Lutz Jänicke <jaenicke@openssl.org>	2003-01-15 12:48:29 +0300
commit	b2c71c489ddeb82a551171d5cb9c80eb36375c30 (patch)
tree	c01434389afa668830cb59fe1b64de7b9a3bd3c0 /CHANGES
parent	2ce906cee7b65fad297bd1866bfaf04c5437a93d (diff)