Hello. OpenSSL 0.9.8y does not properly handle warning level alerts in SSLv23 client method unlike OpensSSL 1.0.0+.
For example, when OpenSSL 0.9.8 initiates a connection
using TLS-SNI extensions in "SSLv23 mode" and the server
replies to client hello with an unrecognized_name warning
alert, the handshake terminates client-side.
This issue has been reported by many clients linked against
OpenSSL 0.9.8 (see footer links).
When connecting to a server that sends warning-level alerts
on hostname mismatch in TLS-SNI, eg.:
$ openssl s_client -CApath /etc/ssl -connect \
$CorrectHostname:443 -servername $InvalidHostname \
-state < /dev/null 2>&1 | grep -E 'alert|error'
Current 0.9.8y behavior (output):
SSL3 alert read:warning:unknown
SSL_connect:error in SSLv2/v3 read server hello A
7632:error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112):s23_clnt.c:602:
Desired behavior (output) [consistent with OpenSSL 1.0.1e]:
SSL3 alert read:warning:unrecognized name
SSL3 alert write:warning:close notify
Patch applies cleanly to OpenSSL_0_9_8-stable (HEAD@a44c9b9c)
and makes behavior consistent with OpenSSL 1.0.1e. Also, it
adds support for new alerts (RFC 6066 and RFC 4279).
Please consider its inclusion after appropriate code review.
--mancha
Note: A higher-level discussion is whether non-fatal
unrecognized_name alerts should be sent at all. Per RFC 6066,
"If a server name is provided but not recognized, the server
should either continue the handshake without an error or send
a fatal error. Sending a warning-level message is not
recommended because client behavior will be unpredictable."
=====
[1] http://marc.info/?l=openssl-users&m=131736995412529&w=2
[2] http://sourceforge.net/p/curl/bugs/1037/
[3] https://bugs.php.net/bug.php?id=61276
[4] https://github.com/joyent/node/issues/3033
0001-Fix-handling-of-warning-level-alerts-in-SSL23-client.patch
Description: Binary data
