aboutsummaryrefslogtreecommitdiff
path: root/openssl/trunk/ssl/t1_enc.c
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/trunk/ssl/t1_enc.c')
-rw-r--r--openssl/trunk/ssl/t1_enc.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/openssl/trunk/ssl/t1_enc.c b/openssl/trunk/ssl/t1_enc.c
index c544c764..e0ce6815 100644
--- a/openssl/trunk/ssl/t1_enc.c
+++ b/openssl/trunk/ssl/t1_enc.c
@@ -628,7 +628,15 @@ int tls1_enc(SSL *s, int send)
{
ii=i=rec->data[l-1]; /* padding_length */
i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ /* NB: if compression is in operation the first packet
+ * may not be of even length so the padding bug check
+ * cannot be performed. This bug workaround has been
+ * around since SSLeay so hopefully it is either fixed
+ * now or no buggy implementation supports compression
+ * [steve]
+ */
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ && !s->expand)
{
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence,
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-13 23:31:02 +0000