artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9949a15) | patch
Garbage collect s->internal->type
authortb <tb@openbsd.org>
Sat, 27 Mar 2021 17:56:28 +0000 (17:56 +0000)
committertb <tb@openbsd.org>
Sat, 27 Mar 2021 17:56:28 +0000 (17:56 +0000)
commitb0828d45f91367dfdcbaa36107b95c7001513ed5
treec366e66b94c554be014e7c8f1555513187109db0tree | snapshot
parent9949a151189a5e7238011933d060910335d09d0bcommit | diff
Garbage collect s->internal->type

This variable is used in the legacy stack to decide whether we are
a server or a client. That's what s->server is for...

The new TLSv1.3 stack failed to set s->internal->type, which resulted
in hilarious mishandling of previous_{client,server}_finished. Indeed,
both client and server would first store the client's verify_data in
previous_server_finished and later overwrite it with the server's
verify_data. Consequently, renegotiation has been completely broken
for more than a year. In fact, server side renegotiation was broken
during the 6.5 release cycle. Clearly, no-one uses this.

This commit fixes client side renegotiation and restores the previous
behavior of SSL_get_client_CA_list(). Server side renegotiation will
be fixed in a later commit.

ok jsing
lib/libssl/ssl_both.c diff | blob | history
lib/libssl/ssl_cert.c diff | blob | history
lib/libssl/ssl_clnt.c diff | blob | history
lib/libssl/ssl_lib.c diff | blob | history
lib/libssl/ssl_locl.h diff | blob | history
lib/libssl/ssl_srvr.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim