projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c5ebfca) | patch
Fix NPN protocol name list validation
authorKazuki Yamaguchi <k@rhe.jp>
Sat, 12 Dec 2015 15:51:06 +0000 (00:51 +0900)
committerMatt Caswell <matt@openssl.org>
Mon, 16 May 2016 10:45:25 +0000 (11:45 +0100)
commitb04f947941d08b5d077a63b017ecee5e4e2e11cc
tree4ebddd31995a1f9dcaff04529dd68bc199431877tree | snapshot
parentc5ebfcab713a82a1d46a51c8c2668c419425b387commit | diff
Fix NPN protocol name list validation

Since 50932c4 "PACKETise ServerHello processing",
ssl_next_proto_validate() incorrectly allows empty protocol name.
draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that
the empty string is not included and that no byte strings are
truncated."
This patch restores the old correct behavior.

[1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.