Hi Willy, On 22 Jan 2019, at 23:17, Willy Tarreau <[email protected]> wrote: > > As you can see it will enable this code when SSL_OP_NO_RENEGOTIATION=0, > which is what BoringSSL does and it needs this code to be disabled. Thus > I think it's better to simply do this : > > +#ifndef SSL_OP_NO_RENEGOTIATION > + /* Please note that BoringSSL defines this macro to zero so don't > + * change this to #if and do not assign a default value to this macro! > + */ >
Of course, you’re right. New version of the patch attached! Cheers, Dirkjan
0001-BUG-MEDIUM-ssl-Fix-handling-of-TLS-1.3-KeyUpdate-mes.patch
Description: Binary data
