On Tue, Aug 29, 2017 at 04:50:23PM +1000, Jonathan Gray wrote:
> After the ALPN rewrite chromium/firefox/curl all refuse to connect to
> httpd.

Fixed after recent changes to lib/libssl/ssl_tlsext.c

----------------------------
revision 1.14
date: 2017/08/29 19:20:13;  author: doug;  state: Exp;  lines: +6 -1;  commitid: oaERrzJe386I24Pk;
When OCSP status type is unknown, ignore the extension.

This needs to skip past the CBS data or it will be treated as a decode
error even though it returns 1.

ok jsing@
----------------------------
revision 1.13
date: 2017/08/29 17:24:12;  author: jsing;  state: Exp;  lines: +4 -4;  commitid: Kc53ohulUv16P6zW;
Actually parse the ALPN extension in a client hello, even if no ALPN
callback has been installed. This ensures that the ALPN extension is valid
and avoids leaving unprocessed extension data, which leads to a decode
error.

Found the hard way by jsg@
----------------------------
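
The failure mode both commit messages describe, as an added example that is not part of the original message and is not LibreSSL code: a handler that returns success while leaving extension bytes unread is still rejected by a caller that requires the body to be fully consumed. The cursor type, the function names and the sample bytes are hypothetical, and the known-type branch only consumes the body instead of decoding it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor standing in for a CBS-style byte string. */
struct cur { const uint8_t *p; size_t len; };

static int cur_u8(struct cur *c, uint8_t *out) {
    if (c->len < 1) return 0;
    *out = *c->p++; c->len--;
    return 1;
}
static int cur_skip(struct cur *c, size_t n) {
    if (c->len < n) return 0;
    c->p += n; c->len -= n;
    return 1;
}

#define STATUS_TYPE_OCSP 1 /* CertificateStatusType ocsp(1), RFC 6066 */

/* Handler for a status_request-style extension body; returns 1 on success.
 * skip_unknown = 0 models the behaviour before the fix described above,
 * skip_unknown = 1 the behaviour after it. */
static int parse_status_request(struct cur *ext, int skip_unknown) {
    uint8_t type;
    if (!cur_u8(ext, &type)) return 0;          /* empty body: malformed */
    if (type != STATUS_TYPE_OCSP) {
        if (skip_unknown) return cur_skip(ext, ext->len); /* ignore, but consume */
        return 1;                               /* success, yet bytes stay unread */
    }
    return cur_skip(ext, ext->len);             /* assumption: body decoding omitted */
}

/* Caller: the handler must succeed AND leave no unprocessed extension data. */
static int process_extension(const uint8_t *body, size_t len, int skip_unknown) {
    struct cur ext = { body, len };
    if (!parse_status_request(&ext, skip_unknown)) return 0;
    return ext.len == 0;                        /* leftover data => decode error */
}

/* Constructed sample extension bodies. */
static const uint8_t ocsp_body[]    = { 0x01, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t unknown_body[] = { 0x7f, 0xde, 0xad };

int main(void) {
    int before = process_extension(unknown_body, sizeof unknown_body, 0);
    int after  = process_extension(unknown_body, sizeof unknown_body, 1);
    printf("unknown status type: before=%d after=%d\n", before, after);
    return !(before == 0 && after == 1);
}
```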
