git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Sun, 27 Jan 2019 11:00:16 +0000 (11:00 +0000)
committer	Matt Caswell <matt@openssl.org>
	Thu, 14 Feb 2019 16:17:34 +0000 (16:17 +0000)
commit	4af5836b55442f31795eff6c8c81ea7a1b8cf94b
tree	9c0e2318753afbc715e71ad91dbf557205a2e4a5	tree \| snapshot
parent	3c83c5ba4f6502c708b7a5f55c98a10e312668da	commit \| diff

Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages

The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message
exchange in TLSv1.3. Unfortunately experience has shown that this confuses
some applications who mistake it for a TLSv1.2 renegotiation. This means
that KeyUpdate messages are not handled properly.

This commit removes the use of SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake
message exchange. Individual post-handshake messages are still signalled in
the normal way.

This is a potentially breaking change if there are any applications already
written that expect to see these TLSv1.3 events. However, without it,
KeyUpdate is not currently usable for many applications.

Fixes #8069

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8096)

CHANGES		diff \| blob \| history
doc/man3/SSL_CTX_set_info_callback.pod		diff \| blob \| history
ssl/statem/statem.c		diff \| blob \| history
ssl/statem/statem_lib.c		diff \| blob \| history
ssl/statem/statem_srvr.c		diff \| blob \| history
test/sslapitest.c		diff \| blob \| history