Hi all,

What is the idea behind copying the value of SSL->tlsext_expointformatlist to SSL_SESSION->tlsext_expointformatlist in ssl_get_new_session (see ssl/ssl_sess.c:379ff)?

On the server side, shouldn't this value be set no earlier than in ssl_parse_clienthello_tlsext (ssl/t1_lib.c:766ff)? Otherwise, the sanity check in ssl/t1_lib.c:780 fails if ssl3_accept is called for the second time with the same SSL structure.

The first time ssl3_accept is called, ssl/t1_lib.c:780 is ok because SSL->tlsext_expointformatlist is NULL when ssl_get_new_session is called. During the first session however, SSL->tlsext_expointformatlist becomes != NULL and still holds this value when ssl_get_new_session is called for the second time. Thus, in the second session, SSL_SESSION->tlsext_expointformatlist is != NULL causing the sanity check to fail.

This issue can be reproduced by calling make test_ssl.

Thanks for clarifications!

Kind regards,
Stefan Birrer

--
AdNovum Informatik AG
Stefan Birrer, Software Engineer
Dipl. Informatik-Ing. ETH
Roentgenstrasse 22, CH-8005 Zurich
mailto:[email protected]
phone: +41 44 272 6111, fax: +41 44 272 6312
http://www.adnovum.ch
AdNovum Offices: Bern, Budapest, Singapore, Zurich (HQ)
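
A minimal C model of the sequence described in the message above, added here as an illustration; it is not OpenSSL code and not part of the original post. All struct and function names (model_conn, model_session, model_new_session, model_parse_clienthello, model_accept) are hypothetical, and setting the connection-level list inside the parse step is a simplifying assumption.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for SSL_SESSION and SSL; only the one list is modelled,
   as a borrowed pointer so the model needs no allocation. */
struct model_session { const unsigned char *formats; size_t len; };
struct model_conn { const unsigned char *formats; size_t len; struct model_session sess; };

/* Stands in for ssl_get_new_session. copy_from_conn=1 is the copy the post asks about. */
static void model_new_session(struct model_conn *c, int copy_from_conn) {
    c->sess.formats = NULL;
    c->sess.len = 0;
    if (copy_from_conn && c->formats != NULL) {
        c->sess.formats = c->formats;
        c->sess.len = c->len;
    }
}

/* Stands in for the server-side ClientHello parse and its sanity check.
   Returns 1 on success, 0 when the check fails. */
static int model_parse_clienthello(struct model_conn *c, const unsigned char *ext, size_t n) {
    if (c->sess.formats != NULL) return 0;   /* list must still be unset here */
    c->sess.formats = ext;
    c->sess.len = n;
    c->formats = ext;   /* assumption: connection-level list is set during the handshake */
    c->len = n;
    return 1;
}

/* One accept on a connection object: fresh session, then ClientHello parse. */
static int model_accept(struct model_conn *c, int copy_from_conn) {
    static const unsigned char hello[] = { 0x00 };   /* constructed sample list */
    model_new_session(c, copy_from_conn);
    return model_parse_clienthello(c, hello, sizeof hello);
}

/* Two accepts on the same object; returns the second result (-1 if the first fails). */
static int second_accept_result(int copy_from_conn) {
    struct model_conn c = { 0 };
    if (model_accept(&c, copy_from_conn) != 1) return -1;
    return model_accept(&c, copy_from_conn);
}

int main(void) {
    printf("with copy: %d, without copy: %d\n",
           second_accept_result(1), second_accept_result(0));
    return 0;
}
```

With the copy enabled the second accept on the reused object fails the check; with the list left unset until the parse step, as the message proposes for the server side, both accepts pass.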
