From 4043d7db4e466d15193c3bad3b204048fc13b785 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 9 Oct 2006 16:47:10 +0000
Subject: Merged in changes from OpenSSL 0.9.8d

svn path=/openssl/trunk/CHANGES; revision=377
---
 openssl/trunk/ssl/t1_enc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'openssl/trunk/ssl/t1_enc.c')

diff --git a/openssl/trunk/ssl/t1_enc.c b/openssl/trunk/ssl/t1_enc.c
index c544c764..e0ce6815 100644
--- a/openssl/trunk/ssl/t1_enc.c
+++ b/openssl/trunk/ssl/t1_enc.c
@@ -628,7 +628,15 @@ int tls1_enc(SSL *s, int send)
 			{
 			ii=i=rec->data[l-1]; /* padding_length */
 			i++;
-			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+			/* NB: if compression is in operation the first packet
+			 * may not be of even length so the padding bug check
+			 * cannot be performed. This bug workaround has been
+			 * around since SSLeay so hopefully it is either fixed
+			 * now or no buggy implementation supports compression 
+			 * [steve]
+			 */
+			if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+				&& !s->expand)
 				{
 				/* First packet is even in size, so check */
 				if ((memcmp(s->s3->read_sequence,
-- 
cgit v1.2.3