Comment 11 for bug 1051892

Tyler Hicks (tyhicks) wrote : Re: [Bug 1051892] Re: [Quantal] Regression in TLS 1.2 workarounds

On 2012-10-06 02:27:45, Adam Conrad wrote:
> Rejecting for now, based on the diff, until someone explains to me why
> the upstream commit adds the same code block to two files (s3_clnt.c and
> s23_clnt.c), but the Ubuntu patch only swaps the get_version call to
> get_client_version in one of them (s23_clnt.c). This feels wrong to me,
> but maybe there's a valid reason for it?

There's a reason, but I'm not sure if it is actually valid:

That's how it is in Precise.

I mentioned that s3_clnt.c should probably be changed to
TLS1_get_client_version() in this bug description and the patch that I
proposed to upstream in rt #2881 does make that change. But since
upstream hasn't commented and things seem to be working ok in Precise, I
don't want to rock the boat too much at this point.

FWIW, I did switch ssl3_client_hello() over to use
TLS1_get_client_version() and all of the test results above were the
same. So I'm ok with making the change, but I'd rather not at this
point.