projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d6c2587) | patch
Refactor ClientHello extension parsing
authorEmilia Kasper <emilia@openssl.org>
Tue, 22 Sep 2015 13:20:26 +0000 (15:20 +0200)
committerEmilia Kasper <emilia@openssl.org>
Thu, 3 Mar 2016 12:53:26 +0000 (13:53 +0100)
commit062178678f5374b09f00d70796f6e692e8775aca
treeae299cf72a32514f7e5315af16977976f6083c86tree | snapshot
parentd6c2587967f93f2f9c226bda9139ae427698f20fcommit | diff
Refactor ClientHello extension parsing

1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
CHANGES diff | blob | history
include/openssl/ssl.h diff | blob | history
include/openssl/tls1.h diff | blob | history
ssl/packet_locl.h diff | blob | history
ssl/s3_enc.c diff | blob | history
ssl/t1_enc.c diff | blob | history
ssl/t1_lib.c diff | blob | history
test/packettest.c diff | blob | history
test/recipes/80-test_ssl.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.