If a server is not acknowledging SNI then don't reject early_data
author Matt Caswell <matt@openssl.org>
Tue, 14 Nov 2017 15:14:51 +0000 (15:14 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 21 Nov 2017 17:46:22 +0000 (17:46 +0000)
commit 281bf2332caa33184ad611f4f96b3f7fd44d1d29
tree 2932e81c9cfd0769f0f056e785e9e6b306863664
parent 3b5873567d24bf0d8bc2a175848e716e295d6c94
If a server is not acknowledging SNI then don't reject early_data

SNI needs to be consistent before we accept early_data. However a
server may choose to not acknowledge SNI. In that case we have to
expect that a client may send it anyway. We change the consistency
checks so that not acknowledging is treated more like a "wild card",
accepting any SNI as being consistent.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
ssl/statem/extensions.c
test/sslapitest.c
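
The consistency rule the commit message describes, as a simplified model added here (it is not OpenSSL's code from ssl/statem/extensions.c). The function names, and the choice to treat a missing SNI as a mismatch when the session recorded one, are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the check; all names here are hypothetical.
 * session_sni: hostname the server acknowledged and stored with the
 *   session being resumed, or NULL if it never acknowledged SNI.
 * hello_sni/hello_len: raw server_name bytes from the resuming
 *   ClientHello (length-delimited, not NUL-terminated), or NULL. */

/* Length-aware comparison so a prefix or an embedded NUL never matches. */
static int sni_equal(const char *session_sni,
                     const unsigned char *hello_sni, size_t hello_len)
{
    return hello_sni != NULL
        && strlen(session_sni) == hello_len
        && memcmp(session_sni, hello_sni, hello_len) == 0;
}

/* Returns 1 if early_data may still be accepted, 0 if it must be rejected. */
int early_data_sni_ok(const char *session_sni,
                      const unsigned char *hello_sni, size_t hello_len)
{
    if (session_sni == NULL)
        return 1;               /* never acknowledged: acts as a wild card */
    /* Assumption: an absent SNI is inconsistent with a recorded one. */
    return sni_equal(session_sni, hello_sni, hello_len);
}

int main(void)
{
    /* Constructed sample inputs. */
    static const unsigned char a[] = "a.example";
    static const unsigned char b[] = "b.example";
    static const unsigned char nul[] = "a.example\0" "z";

    printf("unacknowledged, client sends SNI: %d\n",
           early_data_sni_ok(NULL, a, sizeof(a) - 1));
    printf("acknowledged, same name:          %d\n",
           early_data_sni_ok("a.example", a, sizeof(a) - 1));
    printf("acknowledged, different name:     %d\n",
           early_data_sni_ok("a.example", b, sizeof(b) - 1));
    printf("acknowledged, embedded NUL:       %d\n",
           early_data_sni_ok("a.example", nul, sizeof(nul) - 1));
    return 0;
}
```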