openssl/openssl-0.9.8b-block-padding.patch

openssl/ssl/t1_enc.c     1.35.2.1 -> 1.35.2.2

--- openssl/ssl/t1_enc.c 2005/09/30 23:38:20 1.35.2.1
+++ openssl/ssl/t1_enc.c 2006/05/07 12:27:48 1.35.2.2
@@ -628,7 +628,15 @@
 			{
 			ii=i=rec->data[l-1]; /* padding_length */
 			i++;
-			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+			/* NB: if compression is in operation the first packet
+			 * may not be of even length so the padding bug check
+			 * cannot be performed. This bug workaround has been
+			 * around since SSLeay so hopefully it is either fixed
+			 * now or no buggy implementation supports compression 
+			 * [steve]
+			 */
+			if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+				&& !s->expand)
 				{
 				/* First packet is even in size, so check */
 				if ((memcmp(s->s3->read_sequence,
- fixed a few rpmlint warnings - better fix for #173399 from upstream - upstream fix for pkcs12 2006-06-05 13:55:51 +00:00			`openssl/ssl/t1_enc.c 1.35.2.1 -> 1.35.2.2`

			`--- openssl/ssl/t1_enc.c 2005/09/30 23:38:20 1.35.2.1`
			`+++ openssl/ssl/t1_enc.c 2006/05/07 12:27:48 1.35.2.2`
			`@@ -628,7 +628,15 @@`
			`{`
			`ii=i=rec->data[l-1]; /* padding_length */`
			`i++;`
			`- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)`
			`+ /* NB: if compression is in operation the first packet`
			`+ * may not be of even length so the padding bug check`
			`+ * cannot be performed. This bug workaround has been`
			`+ * around since SSLeay so hopefully it is either fixed`
			`+ * now or no buggy implementation supports compression`
			`+ * [steve]`
			`+ */`
			`+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)`
			`+ && !s->expand)`
			`{`
			`/* First packet is even in size, so check */`
			`if ((memcmp(s->s3->read_sequence,`