Fix wrong handling of session ID in SSLv2 client code.

PR: 377
author: Lutz Jänicke <jaenicke@openssl.org> 2002-12-29 23:58:55 +0300
committer: Lutz Jänicke <jaenicke@openssl.org> 2002-12-29 23:58:55 +0300
commit: ef9d3a10c36aa30aa764923d42421395da4ce55d (patch)
tree: 58869f908ad1a7d7f8fff890b12679bbf489b89b /CHANGES
parent: 20c9a507105211e6050a63de01f13fd9ea96b126 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index afefb21303..a259bd33af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
 
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
   *) Change the declaration of needed Kerberos libraries to use EX_LIBS
      instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
      removed entirely.
author	Lutz Jänicke <jaenicke@openssl.org>	2002-12-29 23:58:55 +0300
committer	Lutz Jänicke <jaenicke@openssl.org>	2002-12-29 23:58:55 +0300
commit	ef9d3a10c36aa30aa764923d42421395da4ce55d (patch)
tree	58869f908ad1a7d7f8fff890b12679bbf489b89b /CHANGES
parent	20c9a507105211e6050a63de01f13fd9ea96b126 (diff)