SSL Updates – NET+OS 6.0

 

Last Updated: 12/07/06         Fix Count:  4

_______________________________________________________________________________­­­­­­­­­­­___________________________________________

 

Title

SSL Memory Leak

 

Case:  19716

 

Date Fixed:  12/07/06

 

Description

Memory leak while generating keys

 

Solution

Corrected logic in function tls_handshake_protocol_generate_key_material()

__________________________________________________________________________________________________________________________

 

Title

Web pages not displayed correctly using SSL

 

Case:  17778

 

Date Fixed:  06/13/06

 

Description

Web pages (connected through SSL) may not completely display or may fail to display fully and correctly. Alternatively, files transferred through the advanced web server (AWS) and SSL may be missing characters.

 

Solution

A defect in logic was found in the SSL code that interfaces between the network (browsers) and the SSL engine. The defect was that the code was incorrectly using the sensing of a short packet (less than 1024 bytes) as a signal that all data had been transferred. In fact the only sure way to test for end of file is the receipt of a zero-length packet. The code to check for a short packet has been removed and replaced with code to correctly sense that the peer has closed the connection.

__________________________________________________________________________________________________________________________

 

Title

Remote connection info feature

 

Case:  16375

 

Date Fixed:  07/06/05

 

Description

Added a new function NASSLGetRemoteConnectionInformation()that can grab the remote IP address and port of the HTTPS client from the other side of the proxy. 

 

Solution

The intent is to use this function in conjunction with RpGetConnectionInformation() when this value shows a loopback connection.

__________________________________________________________________________________________________________________________

 

Title

SSL Memory Leak

 

Case:  16392

 

Date Fixed:  06/22/05

 

Description

Running the Nessus NewT security scanner causes SSL to hang.

 

Solution

Corrected memory leaks in the SSL library to prevent an SSL server from hanging.

__________________________________________________________________________________________________________________________

 

Files:   netos\h\ssl.h

            netos\lib\32b\libssl.a  (GNU)

            netos\lib\32b\ssl.a  (GHS)

 

Special Instructions

 

• Unzip the patch(es) to the root of your NET+OS installation, for example C:\netos60_gnu\.
• Be sure to install any patches listed under Dependencies below
• Rebuild your application.

 

Patch Link:  SSLUpdates_60

 

Dependencies

This patch also requires the installation of the following patch(es):

If you are a NET+OS 6.0 GNU user, you must install this patch first –

Patch Link:  6.0F GNU Update 1

 

If you are a NET+OS 6.0 GHS user, you must install this patch first –

Patch Link:  6.0 GHS Update 1