K 10
svn:author
V 5
simon
K 8
svn:date
V 27
2011-02-13T10:24:36.212365Z
K 7
svn:log
V 574
MFC 218625:
 Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could
 cause OpenSSL to parse past the end of the message.

 Note: Applications are only affected if they act as a server and call
 SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
 Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".

The very quick MFC is done to get this fix into 7.4 / 8.2.

Discussed with:	re
Approved by:	so (simon, for "instant" MFC)
Obtained from:	OpenSSL CVS
Security:	http://www.openssl.org/news/secadv_20110208.txt
Security:	CVE-2011-0014

END