Hello. OpenSSL 0.9.8y does not properly handle warning level alerts in SSLv23 client method unlike OpensSSL 1.0.0+.
For example, when OpenSSL 0.9.8 initiates a connection using TLS-SNI extensions in "SSLv23 mode" and the server replies to client hello with an unrecognized_name warning alert, the handshake terminates client-side. This issue has been reported by many clients linked against OpenSSL 0.9.8 (see footer links). When connecting to a server that sends warning-level alerts on hostname mismatch in TLS-SNI, eg.: $ openssl s_client -CApath /etc/ssl -connect \ $CorrectHostname:443 -servername $InvalidHostname \ -state < /dev/null 2>&1 | grep -E 'alert|error' Current 0.9.8y behavior (output): SSL3 alert read:warning:unknown SSL_connect:error in SSLv2/v3 read server hello A 7632:error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112):s23_clnt.c:602: Desired behavior (output) [consistent with OpenSSL 1.0.1e]: SSL3 alert read:warning:unrecognized name SSL3 alert write:warning:close notify Patch applies cleanly to OpenSSL_0_9_8-stable (HEAD@a44c9b9c) and makes behavior consistent with OpenSSL 1.0.1e. Also, it adds support for new alerts (RFC 6066 and RFC 4279). Please consider its inclusion after appropriate code review. --mancha Note: A higher-level discussion is whether non-fatal unrecognized_name alerts should be sent at all. Per RFC 6066, "If a server name is provided but not recognized, the server should either continue the handshake without an error or send a fatal error. Sending a warning-level message is not recommended because client behavior will be unpredictable." ===== [1] http://marc.info/?l=openssl-users&m=131736995412529&w=2 [2] http://sourceforge.net/p/curl/bugs/1037/ [3] https://bugs.php.net/bug.php?id=61276 [4] https://github.com/joyent/node/issues/3033
0001-Fix-handling-of-warning-level-alerts-in-SSL23-client.patch
Description: Binary data