$NetBSD: patch-bc,v 1.1 2010/03/26 00:20:49 taca Exp $

Fix for CVE-2010-0740: http://www.openssl.org/news/secadv_20100324.txt

--- ssl/s3_pkt.c.orig	2010-01-24 13:52:38.000000000 +0000
+++ ssl/s3_pkt.c
@@ -291,9 +291,9 @@ again:
 			if (version != s->version)
 				{
 				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-				/* Send back error using their
-				 * version number :-) */
-				s->version=version;
+				if ((s->version & 0xFF00) == (version & 0xFF00))
+					/* Send back error using their minor version number :-) */
+					s->version = (unsigned short)version;
 				al=SSL_AD_PROTOCOL_VERSION;
 				goto f_err;
 				}