clarification

commit: a4974de937c185cf91e31558f037f6d5a089c28c [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Mon Apr 03 14:11:23 2006 +0000
committer: Bodo Möller <bodo@openssl.org> Mon Apr 03 14:11:23 2006 +0000
tree: 6fbb80be810bf4b7a44352b3b7d8258cd71125b9
parent: 22f41c9b99ff41a9aa08cd5421c02e876f58702f [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 69c0d42..06cb57d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -223,7 +223,7 @@
 
 		if ((lenmax = limit - p - 6) < 0) return NULL; 
 		if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
-		if (s->tlsext_ellipticcurvelist_length > 255)
+		if (s->tlsext_ellipticcurvelist_length > 65532)
 			{
 			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
 			return NULL;
@@ -231,6 +231,12 @@
 		
 		s2n(TLSEXT_TYPE_elliptic_curves,ret);
 		s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
+
+		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
+		 * elliptic_curve_list, but the examples use two bytes.
+		 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
+		 * resolves this to two bytes.
+		 */
 		s2n(s->tlsext_ellipticcurvelist_length, ret);
 		memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
 		ret+=s->tlsext_ellipticcurvelist_length;
commit	a4974de937c185cf91e31558f037f6d5a089c28c	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Mon Apr 03 14:11:23 2006 +0000
committer	Bodo Möller <bodo@openssl.org>	Mon Apr 03 14:11:23 2006 +0000
tree	6fbb80be810bf4b7a44352b3b7d8258cd71125b9
parent	22f41c9b99ff41a9aa08cd5421c02e876f58702f [diff] [blame]