TLSEXT_TYPE_application_layer_protocol_negotiation was defined in
RFC7301 for which the IANA assigned #16

A non-IANA definition of TLSEXT_TYPE_next_proto_neg = 13172 is used.

The openssl tls code for #ifndef OPENSSL_NO_NEXTPROTONEG all used the
non-iana definition.

This patch corrects openssl to use the IANA defined
TLSEXT_TYPE_application_layer_protocol_negotiation (16) but keeps
TLSEXT_TYPE_next_proto_neg for those trying to debug the confusion created.

diff --git a/apps/s_cb.c b/apps/s_cb.c
index cf34e00..4f7ff76 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1017,10 +1017,13 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 		extname = "opaque PRF input";
 		break;
 #endif
-#ifdef TLSEXT_TYPE_next_proto_neg
-		case TLSEXT_TYPE_next_proto_neg:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+		case TLSEXT_TYPE_application_layer_protocol_negotiation:
 		extname = "next protocol";
 		break;
+		case TLSEXT_TYPE_next_proto_neg:
+		extname = "next protocol OLD NOT IANA";
+		break;
 #endif
 #ifdef TLSEXT_TYPE_encrypt_then_mac
 		case TLSEXT_TYPE_encrypt_then_mac:
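Review bot: The new label `case TLSEXT_TYPE_application_layer_protocol_negotiation:` assigns the string "next protocol" to code point 16, but 16 is the RFC 7301 ALPN extension named in the description, not Next Protocol Negotiation, so a genuine ALPN extension seen by this callback would be reported under the wrong name. Keep "next protocol" on `case TLSEXT_TYPE_next_proto_neg:` and give 16 its own label, e.g. `extname = "application layer protocol negotiation";`; the switch to the `#ifndef OPENSSL_NO_NEXTPROTONEG` guard can stay as written. The switch statement in tlsext_cb begins and ends outside the hunk.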
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4374d6a..3c52024 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1434,11 +1434,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 #ifndef OPENSSL_NO_NEXTPROTONEG
 	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
 		{
-		/* The client advertises an emtpy extension to indicate its
+		/* The client advertises an empty extension to indicate its
 		 * support for Next Protocol Negotiation */
 		if (limit - ret - 4 < 0)
 			return NULL;
-		s2n(TLSEXT_TYPE_next_proto_neg,ret);
+		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
 		s2n(0,ret);
 		}
 #endif
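Review bot: Emitting the NPN advertisement with `s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);` puts an empty extension body on the wire under the ALPN code point, and RFC 7301 does not permit an empty ProtocolNameList, so a peer implementing ALPN may reject this ClientHello as malformed instead of reading it as an NPN offer; the comment two lines above still describes the empty extension as the NPN signal. NPN (13172) and ALPN (16) are distinct extensions with different message formats, so the code point cannot simply be swapped; the serverhello write in the @@ -1731 hunk and the `type ==` comparisons in the @@ -2448 and @@ -2726 hunks have the same problem, and the `s->s3->alpn_selected == NULL` context in the @@ -2448 hunk suggests this file already handles 16 as ALPN elsewhere, so two branches would then match the same type. Keeping `s2n(TLSEXT_TYPE_next_proto_neg,ret);` here (and the corresponding lines in the other three hunks) preserves NPN interoperability; the spelling fix in the comment can stay. ssl_add_clienthello_tlsext continues outside the hunk.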
@@ -1731,7 +1731,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
 		if (r == SSL_TLSEXT_ERR_OK)
 			{
 			if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
-			s2n(TLSEXT_TYPE_next_proto_neg,ret);
+			s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
 			s2n(npalen,ret);
 			memcpy(ret, npa, npalen);
 			ret += npalen;
@@ -2448,7 +2448,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 			}
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
-		else if (type == TLSEXT_TYPE_next_proto_neg &&
+		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
 			 s->s3->tmp.finish_md_len == 0 &&
 			 s->s3->alpn_selected == NULL)
 			{
@@ -2726,7 +2726,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
 			s->tlsext_status_expected = 1;
 			}
 #ifndef OPENSSL_NO_NEXTPROTONEG
-		else if (type == TLSEXT_TYPE_next_proto_neg &&
+		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
 			 s->s3->tmp.finish_md_len == 0)
 			{
 			unsigned char *selected;
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 0799a7a..6f66ab1 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -360,12 +360,11 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
 	{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
 	{TLSEXT_TYPE_use_srtp, "use_srtp"},
 	{TLSEXT_TYPE_heartbeat, "heartbeat"},
+	{TLSEXT_TYPE_application_layer_protocol_negotiation, "next_proto_neg"},
+	{TLSEXT_TYPE_next_proto_neg, "next_proto_neg_OLD_NOT_IANA"},
 	{TLSEXT_TYPE_session_ticket, "session_ticket"},
-#ifdef TLSEXT_TYPE_opaque_prf_input
 	{TLSEXT_TYPE_opaque_prf_input, "opaque_prf_input"},
-#endif
 	{TLSEXT_TYPE_renegotiate, "renegotiate"},
-	{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
 	{TLSEXT_TYPE_padding, "padding"}
 };
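Review bot: The added row `{TLSEXT_TYPE_application_layer_protocol_negotiation, "next_proto_neg"},` labels IANA code point 16 with the NPN name, so trace output for a real ALPN extension would be misidentified; the registry name is `"application_layer_protocol_negotiation"`, and the plain `"next_proto_neg"` label belongs on the 13172 row rather than the `_OLD_NOT_IANA` variant. Removing the `#ifdef TLSEXT_TYPE_opaque_prf_input` guard around the opaque_prf_input row is not mentioned in the description, and the s_cb.c hunk still keeps that case under a conditional, which suggests the macro is not always defined; without the guard the table would fail to compile in such builds. Suggest restoring the `#ifdef`/`#endif` pair and using the IANA name on the 16 row.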
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 3499584..24e3322 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -233,8 +233,13 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat	15
 
-/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* ExtensionType value from RFC7301 */
 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+/* This is not an IANA defined extension number */
+#define TLSEXT_TYPE_next_proto_neg		13172
+#endif
+
 
 /* ExtensionType value for TLS padding extension.
  * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
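Review bot: Moving `#define TLSEXT_TYPE_application_layer_protocol_negotiation 16` inside `#ifndef OPENSSL_NO_NEXTPROTONEG` makes the RFC 7301 ALPN code point disappear from any build configured with NPN disabled, whereas before this hunk it was defined unconditionally under the removed draft comment; ALPN handling that does not depend on NPN would then fail to compile. Leave the ALPN define and its `/* ExtensionType value from RFC7301 */` comment outside the guard and put only the 13172 definition under it. The two consecutive blank lines added after `#endif` can be reduced to one.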
@@ -259,11 +264,6 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
 
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg		13172
-#endif
-
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
