On Thu, Nov 25, 2010 at 12:02:26AM +0100, Mounir IDRASSI wrote:

> This is a known issue for which I have sent a patch (under ticket #2240) on 
> April 25th 2010. OpenSSL wrongly returns an error if the ServerHello is 
> missing the Supported Point Format extension whereas it should interpret it 
> as only uncompressed format is supported.

My reading of RFC 4492 supports your interpretation:

   Actions of the sender:

   A server that selects an ECC cipher suite in response to a
   ClientHello message including a Supported Point Formats Extension
   appends this extension (along with others) to its ServerHello
   message, enumerating the point formats it can parse.  The Supported
   Point Formats Extension, when used, MUST contain the value 0
                            ---------
   (uncompressed) as one of the items in the list of point formats.

   Actions of the receiver:

   A client that receives a ServerHello message containing a Supported
   Point Formats Extension MUST respect the server's choice of point
   formats during the handshake (cf. Sections 5.6 and 5.7).  If no
                                                             -----
   Supported Point Formats Extension is received with the ServerHello,
   ------------------------------------------------------------------
   this is equivalent to an extension allowing only the uncompressed
   ------------------------------------------------------------------
   point format.
   -------------

> Can you check that this solves the failures you are seeing?
>
> Here is the link on RT with the description of the issue and the patch : 
> http://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest

Thanks, I'll try it out.

Unless we are mistaken, I really think this should have been integrated
into 1.0.0b if not earlier. More important IMHO than backporting removal
of dead variables, which just risks code breakage, and should not go
into the stable release.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
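
The receiver rule quoted from RFC 4492 above, as an added example that is not part of the original message and is neither OpenSSL code nor the patch in ticket #2240. The function name, the buffer layout (extension entries after the 2-byte total length) and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_EC_POINT_FORMATS 11 /* extension type, RFC 4492 section 5.1 */
#define ECPF_UNCOMPRESSED 0

/* Hypothetical helper (not an OpenSSL function). ext/len: the ServerHello
 * extension entries, after the 2-byte total length. Writes the point formats
 * in effect to fmts and returns their count, or -1 on malformed input. */
int effective_point_formats(const uint8_t *ext, size_t len,
                            uint8_t *fmts, size_t cap)
{
    size_t off = 0;
    while (len - off >= 4) {
        unsigned type = ((unsigned)ext[off] << 8) | ext[off + 1];
        size_t elen = ((size_t)ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (elen > len - off) return -1;      /* entry overruns the block */
        if (type == EXT_EC_POINT_FORMATS) {
            size_t n = elen ? ext[off] : 0;   /* 1-byte list length */
            int has_uncompressed = 0;
            if (n == 0 || n != elen - 1 || n > cap) return -1;
            for (size_t i = 0; i < n; i++) {
                fmts[i] = ext[off + 1 + i];
                has_uncompressed |= (fmts[i] == ECPF_UNCOMPRESSED);
            }
            return has_uncompressed ? (int)n : -1; /* list MUST contain 0 */
        }
        off += elen;
    }
    if (off != len || cap < 1) return -1;     /* trailing bytes or no room */
    fmts[0] = ECPF_UNCOMPRESSED; /* extension absent: uncompressed only */
    return 1;
}

/* Constructed sample blocks, not captured traffic. 0xff01 = renegotiation_info. */
static const uint8_t NO_ECPF[]   = { 0xff, 0x01, 0x00, 0x01, 0x00 };
static const uint8_t WITH_ECPF[] = { 0x00, 0x0b, 0x00, 0x03, 0x02, 0x00, 0x01 };
static const uint8_t BAD_ECPF[]  = { 0x00, 0x0b, 0x00, 0x02, 0x01, 0x01 };
static uint8_t out[8];

int main(void)
{
    int a = effective_point_formats(NO_ECPF, sizeof NO_ECPF, out, sizeof out);
    int b = effective_point_formats(WITH_ECPF, sizeof WITH_ECPF, out, sizeof out);
    int c = effective_point_formats(BAD_ECPF, sizeof BAD_ECPF, out, sizeof out);
    printf("absent: %d, present: %d, list without 0: %d\n", a, b, c);
    return 0;
}
```

The absent case returns a one-element list instead of an error, which is the behaviour the RFC text asks of the client.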
