for (currv = max_version; currv >= min_version; currv--) {
/* TODO(TLS1.3): Remove this first if clause prior to release!! */
if (currv == TLS1_3_VERSION) {
- if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) {
+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
unsigned int context, X509 *x,
size_t chainidx)
{
+#ifndef OPENSSL_NO_PSK
char identity[PSK_MAX_IDENTITY_LEN + 1];
+#endif /* OPENSSL_NO_PSK */
const unsigned char *id = NULL;
size_t idlen = 0;
SSL_SESSION *psksess = NULL;
return EXT_RETURN_FAIL;
}
+#ifndef OPENSSL_NO_PSK
if (psksess == NULL && s->psk_client_callback != NULL) {
unsigned char psk[PSK_MAX_PSK_LEN];
size_t psklen = 0;
OPENSSL_cleanse(psk, psklen);
}
}
+#endif /* OPENSSL_NO_PSK */
SSL_SESSION_free(s->psksession);
s->psksession = psksess;
s->ext.early_data_ok = 0;
}
if (!s->hit) {
- /* If a new session then update it with the selected ALPN */
+ /*
+ * This is a new session and so alpn_selected should have been
+ * initialised to NULL. We should update it with the selected ALPN.
+ */
+ if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) {
}
/* TODO(TLS1.3): Remove this before release */
- if (version == TLS1_3_VERSION_DRAFT)
+ if (version == TLS1_3_VERSION_DRAFT
+ || version == TLS1_3_VERSION_DRAFT_27
+ || version == TLS1_3_VERSION_DRAFT_26)
version = TLS1_3_VERSION;
/*