The branch master has been updated
via 141e470947327e0c4e8ef3c299b42d01064c484c (commit)
via 9fb6cb810b769abbd60f11ef6e936a4e4456b19d (commit)
from 549be25303943738340e1edc22f71672c969cf62 (commit)
- Log -----------------------------------------------------------------
commit 141e470947327e0c4e8ef3c299b42d01064c484c
Author: Matt Caswell <[email protected]>
Date: Wed Oct 11 14:42:25 2017 +0100

    Add a test for setting initial SNI in CH but not using it with early_data

    Test for the bug where early_data is not accepted by the server when it
    does not have an SNI callback set up, but the client sent a servername in
    the initial ClientHello establishing the session.

    Reviewed-by: Rich Salz <[email protected]>
    Reviewed-by: Ben Kaduk <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/4519)

commit 9fb6cb810b769abbd60f11ef6e936a4e4456b19d
Author: Matt Caswell <[email protected]>
Date: Tue Oct 10 09:50:56 2017 +0100

    Fix bug where early_data does not work if no SNI callback is present

    Fixes #4496

    Reviewed-by: Rich Salz <[email protected]>
    Reviewed-by: Ben Kaduk <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/4519)

-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions.c | 5 +++++
test/sslapitest.c | 10 ++++++++++
2 files changed, 15 insertions(+)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index f6a200f..b5091ac 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -834,6 +834,11 @@ static int final_server_name(SSL *s, unsigned int context,
int sent,
ret = s->session_ctx->ext.servername_cb(s, &altmp,
s->session_ctx->ext.servername_arg);
+ if (!sent) {
+ OPENSSL_free(s->session->ext.hostname);
+ s->session->ext.hostname = NULL;
+ }
+
/*
* If we're expecting to send a ticket, and tickets were previously
enabled,
* and now tickets are disabled, then turn off expected ticket.
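Review bot: the added if (!sent) block frees and clears s->session->ext.hostname in place, and nothing visible in this hunk establishes that s->session is referenced only by this connection at that point. If the session object can still be held elsewhere (for example after resumption), resetting the field here changes it for every holder, so it is worth either stating in a comment why that cannot happen or keeping the reset on per-connection state. The block also has no comment, unlike the ticket handling directly below it; one line saying that the hostname is dropped because no server_name extension was sent in this handshake would make the intent reviewable.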
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 5299d57..c1137b0 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1507,6 +1507,16 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX
**sctx, SSL **clientssl,
NULL, NULL)))
return 0;
+ /*
+ * For one of the run throughs (doesn't matter which one), we'll try
sending
+ * some SNI data in the initial ClientHello. This will be ignored (because
+ * there is no SNI cb set up by the server), so it should not impact
+ * early_data.
+ */
+ if (idx == 1
+ && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
+ return 0;
+
if (idx == 2) {
/* Create the PSK */
const SSL_CIPHER *cipher = NULL;
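Review bot: the new idx == 1 branch only sets the hostname on the client side, so the regression is caught indirectly, by whatever early_data checks the callers of this setup function run afterwards. A direct assertion in the idx == 1 case that the server side ended up with no hostname recorded would make a failure point at the SNI handling rather than at early_data in general. The comment says it does not matter which run-through carries the SNI, so a short remark on why 1 was picked, and that the idx == 2 PSK path just below is deliberately left without SNI, would help the next reader.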