Ignore the session when setting SNI in s_client
authorMatt Caswell <matt@openssl.org>
Tue, 14 Nov 2017 13:43:42 +0000 (13:43 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 21 Nov 2017 17:46:22 +0000 (17:46 +0000)
As per this comment:

https://github.com/openssl/openssl/issues/4496#issuecomment-337767145

Since the server is entitled to reject our session our ClientHello
should include everything that we would want if a full handshake were
to happen. Therefore we shouldn't use the session as a source of
information for setting SNI.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)

apps/s_client.c
test/recipes/70-test_sslmessages.t
test/recipes/70-test_tls13messages.t

index 7c0639f..fcab44c 100644 (file)
@@ -1923,18 +1923,7 @@ int s_client_main(int argc, char **argv)
             ERR_print_errors(bio_err);
             goto end;
         }
             ERR_print_errors(bio_err);
             goto end;
         }
-        /* By default the SNI should be the same as was set in the session */
-        if (!noservername && servername == NULL) {
-            servername = SSL_SESSION_get0_hostname(sess);
 
 
-            if (servername == NULL) {
-                /*
-                 * Force no SNI to be sent so we are consistent with the
-                 * session.
-                 */
-                noservername = 1;
-            }
-        }
         SSL_SESSION_free(sess);
     }
 
         SSL_SESSION_free(sess);
     }
 
index 5ddf384..e3eadfa 100644 (file)
@@ -164,8 +164,7 @@ $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
 $proxy->clientstart();
 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
                checkhandshake::DEFAULT_EXTENSIONS
 $proxy->clientstart();
 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
                checkhandshake::DEFAULT_EXTENSIONS
-               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION
-               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
+               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION,
                "Resumption handshake test");
 unlink $session;
 
                "Resumption handshake test");
 unlink $session;
 
index 239eabf..aaecbd3 100644 (file)
@@ -167,8 +167,7 @@ $proxy->clientstart();
 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
                (checkhandshake::DEFAULT_EXTENSIONS
                 | checkhandshake::PSK_CLI_EXTENSION
 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
                (checkhandshake::DEFAULT_EXTENSIONS
                 | checkhandshake::PSK_CLI_EXTENSION
-                | checkhandshake::PSK_SRV_EXTENSION)
-               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
+                | checkhandshake::PSK_SRV_EXTENSION),
                "Resumption handshake test");
 
 #Test 3: A status_request handshake (client request only)
                "Resumption handshake test");
 
 #Test 3: A status_request handshake (client request only)
@@ -312,8 +311,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
                (checkhandshake::DEFAULT_EXTENSIONS
                 | checkhandshake::KEY_SHARE_HRR_EXTENSION
                 | checkhandshake::PSK_CLI_EXTENSION
                (checkhandshake::DEFAULT_EXTENSIONS
                 | checkhandshake::KEY_SHARE_HRR_EXTENSION
                 | checkhandshake::PSK_CLI_EXTENSION
-                | checkhandshake::PSK_SRV_EXTENSION)
-               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
+                | checkhandshake::PSK_SRV_EXTENSION),
                "Resumption handshake with HRR test");
 
 #Test 16: Acceptable but non preferred key_share
                "Resumption handshake with HRR test");
 
 #Test 16: Acceptable but non preferred key_share