MFC 218625:
Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could
cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
The very quick MFC is done to get this fix into 7.4 / 8.2.
Discussed with: re
Approved by: so (simon, for "instant" MFC)
Obtained from: OpenSSL CVS
Security: http://www.openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
git-svn-id: svn://svn.freebsd.org/base/stable/8@218633
ccf9f872-aa2e-dd11-9fc8-
001c23d0bc1f