git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Wed, 9 Nov 2016 14:06:12 +0000 (14:06 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 23 Nov 2016 15:31:21 +0000 (15:31 +0000)
commit	92760c21e62c6e5ef172fa110cf47a509cd50f2f
tree	a1aa35edbe72218b6897221e9427456199ef5e95	tree \| snapshot
parent	0d9824c1712b6cacd9b0ecfba26fb66ae4badfb4	commit \| diff

Update state machine to be closer to TLS1.3

This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.

After this commit we have:

ClientHello
+ key_share          ---->
                           ServerHello
                           +key_share
                           {CertificateRequest*}
                           {Certificate*}
                           {CertificateStatus*}
                     <---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished}           ---->
[ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>

include/openssl/ssl.h		diff \| blob \| history
ssl/s3_lib.c		diff \| blob \| history
ssl/ssl_err.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/statem/statem_clnt.c		diff \| blob \| history
ssl/statem/statem_lib.c		diff \| blob \| history
ssl/statem/statem_srvr.c		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history
ssl/tls13_enc.c		diff \| blob \| history
test/tls13secretstest.c		diff \| blob \| history